All Questions

4 questions

4votes

1answer

1kviews

Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?

I'm currently using PostgreSQL with the pgcrypto extension to store and verify user passwords. When a user logs in, I compare the entered password with the stored hash using the following query: ...

cstff

asked Oct 10, 2024 at 18:27

2votes

0answers

219views

Pros and Cons of hashing password on DB or on API server interacting with db [closed]

I'm trying to understand what is good/bad about hashing a password on a database (like postgres) as opposed to hashing it on an api server and then sending it hashed to the db. Can anyone speak on ...

user258386

asked Jun 3, 2021 at 15:29

3votes

1answer

410views

Can I skip any password hashing for localhost authentication?

Setup I have several services (Postfix, Apache (PHP)) that access a PostgreSQL database on a Debian Linux 10 system. everyone is on the same host they use the loopback interface (127.0.0.1) to ...

problemofficer - n.f. Monica

asked May 6, 2020 at 3:23

8votes

2answers

4kviews

Postgres password security

How safe is a Postgres user's password? When a new db user is created, is the stored password hashed and salted?

LINUX G33NYUS

asked Mar 3, 2017 at 20:06

Stack Exchange Network

All Questions

Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?

Pros and Cons of hashing password on DB or on API server interacting with db [closed]

Can I skip any password hashing for localhost authentication?

Postgres password security

Hot Network Questions

All Questions

Related Tags