We add the username to the md5 hash. See the libpq code for an example,
PQencryptPassword().
---------------------------------------------------------------------------
G. J. Walsh wrote:
> At registration, a user's password is encrypted by php's md5 and stored
> in a client login table.
>
> On login, the client's password as provided in a login form, is run
> through md5 ha****ng and submitted to the server for authentication.
> Pretty standard stuff!
>
> BUT authentication always fails.
>
> To get a grip on this, I set up a record with a specific password. For
> some reason I cannot understand, the md5 hash written into postgresql
> does not correspond with the echoing back of the hash at login attempts.
>
> In both instances, the ha****ng is consistent.
>
> The login is performed under ssl. Changing it to run under http makes no
> difference - the ha****ng remains the same.
>
> The data base provides a character varying(32) column for the hashed
> password.
>
> Can someone help me out of this morass???
>
> Much appreciated!
>
> --
> Sent via pgsql-novice mailing list (pgsql-novice@[EMAIL PROTECTED]
)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-novice
--
Bruce Momjian <bruce@[EMAIL PROTECTED]
> http://momjian.us
EnterpriseDB
http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
--
Sent via pgsql-novice mailing list (pgsql-novice@[EMAIL PROTECTED]
)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-novice
