Joachim Zobel <[EMAIL PROTECTED]> writes:
> I am thinking about building a login, where the logged in users are
> stored in a table logins. To make it shure and documented the users have
> entered a password I want to store the MD5(pw) in logins. To make it
> impossible to fake logins entries I plan to store the MD5(MD5(pw)) in
> the users table and use this for authentication purposes.
> This seems like a good idea to me. Does anybody see any flaws?
Well, for one thing, it would be instantly apparent from the users table
if two users had chosen the same password.
You might want to copy the way things are done in the postgres pg_shadow
table, which from memory is something like MD5(MD5(pw) || username).
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
