[pgsql-ayuda] Campo que contenga password

=?iso-8859-1?Q?V=EDctor_Manuel_J=E1quez_Leal?= ceyusa@coral.com.mx
Tue, 5 Dec 2000 09:43:08 -0600
Previous message: [pgsql-ayuda] Campo que contenga password
Next message: [pgsql-ayuda] Campo que contenga password
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> dentro de mi base de datos quiero tener un campo en una tabla de datos
> personales en el que se guarden passwords, como puede encriptar dicho campo?
> esto puede resultar inseguro? es mejor ponerlo todas las claves en una tabla
> diferente?


>From ceyusa@linux1.coral.com.mx Tue Dec  5 09:34:58 2000
Return-Path: <ceyusa@linux1.coral.com.mx>
Delivered-To: ceyusa@coral.com.mx
Received: (qmail 6427 invoked from network); 5 Dec 2000 15:34:58 -0000
Received: from linux1.coral.com.mx (148.245.41.15)
  by coral.com.mx with SMTP; 5 Dec 2000 15:34:58 -0000
Received: from localhost (ceyusa@localhost)
	by linux1.coral.com.mx (8.9.3/8.9.3) with SMTP id KAA32022
	for <ceyusa@coral.com.mx>; Tue, 5 Dec 2000 10:19:21 -0600
Date: Tue, 5 Dec 2000 10:19:21 -0600 (CST)
From: Victor Manuel Jaquez Leal <ceyusa@linux1.coral.com.mx>
To: ceyusa@coral.com.mx
Subject: Re: [GENERAL] Functions in postgres (fwd)
Message-ID: <Pine.LNX.3.96.1001205101915.31935A-200000@linux1.coral.com.mx>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY=pf9I7BMVVzbSWLtt
Content-ID: <Pine.LNX.3.96.1001205101915.31935B@linux1.coral.com.mx>

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--pf9I7BMVVzbSWLtt
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
Content-ID: <Pine.LNX.3.96.1001205101915.31935C@linux1.coral.com.mx>



---------- Forwarded message ----------
Date: Wed, 5 Apr 2000 14:20:52 -0500
From: "Ross J. Reedstrom" <reedstrm@wallace.ece.rice.edu>
To: Victor Manuel Jaquez Leal <ceyusa@linux1.coral.com.mx>
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Functions in postgres

On Wed, Apr 05, 2000 at 12:04:49PM -0500, Victor Manuel Jaquez Leal wrote:
> 
> Hi!

Hi back at ya.

> 
> I know that with \df you can see the functions available in postgres, but
> there must be others not documented just like getpgusername().
> 
> My question is if are there a more complete list of postgres'
> functions.  To be more specific I'm looking for a crypt function.
> 

Then you're in luck. Not as much luck as if there was a built in, but
I've attached my implementation below. I stole a general boiler plate
function from someone else, and modified it to call crypt. The trickiest
part was generating random salt. I use it with these SQL statements:

CREATE FUNCTION "sqlcrypt" (text,text ) RETURNS text AS
'/usr/local/pgsql/data/sqlcrypt.so' LANGUAGE 'C'; 

CREATE FUNCTION "sqlcrypt" (text ) RETURNS text AS 'select
sqlcrypt($1,'''')' LANGUAGE 'SQL';

That way, I can say sqlcrypt('somestring') and it'll return a crypted
version of the string, with a randomly selected salt. I use it for
storing passwords for a web based login: for that, we check logins as 
so:

SELECT * FROM "Personnel" WHERE "PerUsername" = 'RJReedstrom' AND
"PerPassword" = sqlcrypt('password',substr("PerPassword",1,2))

That will only return results if the password hashes match. It does expose
the cleartext of the password between the web server and postgres db:
That's not a problem for us, since they're on the same machine.

Ross
-- 
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu> 
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St.,  Houston, TX 77005

--pf9I7BMVVzbSWLtt
Content-Type: TEXT/X-CSRC; CHARSET=US-ASCII
Content-ID: <Pine.LNX.3.96.1001205101915.31935D@linux1.coral.com.mx>
Content-Description: 

#define _XOPEN_SOURCE
#include <postgres.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <sys/time.h>


text *sqlcrypt(text *key, text *salt);
/*sql create function sqlcrypt(text,text) returns text as 'DESTLIB' language 'c'*/

char *crypt(const char *key, const char *salt);
int rand(void);
void srand(unsigned int seed);


text *sqlcrypt(text *key, text *salt)
{
  text *ret;
  char pass[] = "123456789";
  char s[] = "...";
  char salts[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
  int j,k;
  struct timeval tv;


  s[2]=0;
  bzero(pass,9);
  if ((VARSIZE(salt)-VARHDRSZ) < 2)
    {
    gettimeofday(&tv,0);
    srand((unsigned int)(tv.tv_usec));
    j=(rand() % 64);
    k=(rand() % 64);
    s[0]=salts[j];
    s[1]=salts[k];
	   
    }
  else
    {
    memcpy(s,VARDATA(salt),2);
    }
  ret = palloc(VARHDRSZ + 13);
  bzero(ret,VARHDRSZ + 13);
  VARSIZE(ret) = (VARHDRSZ + 13);
  if ((VARSIZE(key)-VARHDRSZ) < 8)
  {
  	memcpy(pass,VARDATA(key),VARSIZE(key)-VARHDRSZ);
  }
  else
  {
	  memcpy(pass,VARDATA(key),8) ;
  }

  memcpy(VARDATA(ret), crypt(pass,s),13); 

  return ret;
}

--pf9I7BMVVzbSWLtt--



------------------------------
Víctor Manuel Jáquez Leal
http://www.coral.com.mx/ceyusa
--------- Pie de mensaje -------------------------------------------
Archivo historico: http://tlali.iztacala.unam.mx/maillist/pgsql-ayuda
Cancelar inscripcion:
mail to: majordomo@tlali.iztacala.unam.mx
text   : unsubscribe pgsql-ayuda
Previous message: [pgsql-ayuda] Campo que contenga password
Next message: [pgsql-ayuda] Campo que contenga password
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]