PostgreSQL only has MD5 for encryption for storing passwords.
From reading hack logs, it seems that MD5 alone is not a very secure way to store the password.
I have been using MD5 of MD5 — MD5 once at the client and then MD5 again at the database — but I don’t know that this is much stronger.
First, is it necessary to beef-up storing the passwords? And second, what would be a simple, effective, cross-language approach?
Installing the pgcrypto extension gives you a suite of functions and tools to use. Among those is the ability to use bcrypt, which is a good way of storing passwords. If not using it in postgres, you might consider it outside in the language you use.
Relevant links: http://www.postgresql.org/docs/current/static/pgcrypto.html for the postgres-parts and http://codahale.com/how-to-safely-store-a-password/ for motivation/explanation as to why you’d want to use it.
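As an added example (not code from the answer above), here is how the pgcrypto bcrypt route looks in practice: storing a hash and checking a login against it. The `users` table, column names and sample credentials are assumptions for illustration; `crypt()` and `gen_salt()` are pgcrypto's own functions.

```sql
-- Added example (not part of the original answer): storing and checking
-- passwords with pgcrypto's bcrypt support. The users table and the
-- sample username/password are constructed for illustration.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE users (
    username      text PRIMARY KEY,
    password_hash text NOT NULL   -- bcrypt string; embeds its own salt and cost
);

-- Store: gen_salt('bf', 12) produces a fresh random salt with a cost
-- factor of 12 (2^12 rounds). crypt() writes salt and cost into the
-- output, so no separate salt column is needed.
INSERT INTO users (username, password_hash)
VALUES ('alice', crypt('correct horse battery staple', gen_salt('bf', 12)));

-- Verify: passing the stored hash as the salt argument makes crypt()
-- reuse the same salt and cost, so the result equals the stored hash
-- only when the submitted password is correct. Returns one row on success.
SELECT username
FROM users
WHERE username = 'alice'
  AND password_hash = crypt('correct horse battery staple', password_hash);

-- A wrong password yields no rows.
SELECT username
FROM users
WHERE username = 'alice'
  AND password_hash = crypt('wrong password', password_hash);
```

Because the plaintext password is part of the SQL statement, it can end up in statement logs; send it as a bound parameter from the application rather than interpolating it, and keep that in mind when configuring log_statement.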