I read that there are datatypes which do encryption so passwords are secured in your database.
I use at the moment varchar to store passwords. I have had the idea that I should somehow apply a SHA-512 function to the password and put that data somewhere such that the plain text password is removed.
However, the datatype in Perl suggests me that there are a better way in PostgreSQL than varchar.
What is the datatype for a password in PostgreSQL?
There is no such datatype.
But you can (more or less easily) create one - check this blog post.
I asked the same question from my friend. He answers that
Use PHP's md5*() -fuction. Then, save passwords to VARCHAR(32) field.
Is this a good way to store passwords?
Jeff has a good article titled You're Probably Storing Passwords Incorrectly. This article discusses various ways of storing passwords in databases, and some of the common pitfalls that you may run into. In particular, it discusses the use of hashing algorithms, rainbow tables, and the use of "salt" to reduce the risk of a compromised password file.
The use of the varchar data type is perfectly suitable for storing a properly hashed password. For example, here is part of my actual account record from a production database:
=> select account_id, email, salt, passhash from account where email = '[email protected]'; account_id | email | salt | passhash ------------+------------------+------------------+------------------------------------------ 1 | [email protected] | GFR9uT4N4Tzl3vnK | 2c2bf00079a6d49a8f7fb17cefb52fdb41a4b043 (1 row)
In this case, passhash is the hex representation of the SHA-1 of the salt concatenated with my password.
Sorry to drudge up an old topic, but I'm starting DBing and just playing around. So, adding a salt to an MD5 helps to prevent it's breaking, and randomness works best. from what I'm understanding, I should, when creating a user, create a random salt, then MD5 salt+passwd. Should I have it such that php get's the salt then md5's it, or should I build something into postgresql to do this?