pg_datatype_password
Abstract
PostgreSQL data type for storing blowfish encrypted and salted passwords which can be queried against clear text.
Synopsis
On CLI:
$ make install
On SQL:
```SQL CREATE EXTENSION pgcrypto; CREATE EXTENSION pg_datatype_password;
CREATE TABLE app_user ( id SERIAL, password password, CONSTRAINT pkey PRIMARY KEY(id) );
CREATE TRIGGER encrypt_password BEFORE INSERT OR UPDATE OF password ON app_user FOR EACH ROW EXECUTE PROCEDURE t_encrypt_password();
-- Password is inserted as encrypted because of trigger. INSERT INTO app_user (password) VALUES ('MySecret'); INSERT INTO app_user (password) VALUES ('MySecret'); ```
SQL
SELECT * FROM app_user;
id | password ------|--------------- 1 | $2a$08$uTmBdGeSABWFM.scyi3DB.d0G.9Lmof6j06dc.PTdkiS4AeyoCjGu 2 | $2a$08$oTyyV8VlUMXWmWPsUbuzNOHZImN3FB79dNZkgjxaDH8/gWCU8/Jli
```SQL -- Test with clear password such as coming from web application. -- See two passwords encrypted differently even they were same as clear text, because every password is created with different salt. SELECT * FROM app_user WHERE id = 1 AND password = 'MySecret';
```
id | password ------|--------------- 1 | $2a$08$uTmBdGeSABWFM.scyi3DB.d0G.9Lmof6j06dc.PTdkiS4AeyoCjGu 2 | $2a$08$oTyyV8VlUMXWmWPsUbuzNOHZImN3FB79dNZkgjxaDH8/gWCU8/Jli
SQL
-- Cannot be tested with encrypted password.
SELECT * FROM app_user WHERE id = 1 AND password = '$2a$08$uTmBdGeSABWFM.scyi3DB.d0G.9Lmof6j06dc.PTdkiS4AeyoCjGu';
id | password ------|--------------- |
Description
This is a PostgreSQL extension which adds custom base data type called password
and related operators. This module requires pgcrypto
module.
User can transparently query encrypted passwords against clear password coming from web application etc. Every password is encryped using different salt, therefore even same passwords are represented with different encryped text. See [https://www.postgresql.org/docs/current/static/pgcrypto.html](pgcrypto documentation)
Support
[https://github.com/ozum/pg_datatype_password/issues](GitHub Issues)
Author
[https://github.com/ozum](Özüm Eldoğan)
Copyright and License
Copyright (c) 2016 Özüm Eldoğan.