All Questions
2 questions
4votes
1answer
1kviews
Is using `crypt` in PostgreSQL for password comparison secure against timing attacks?
I'm currently using PostgreSQL with the pgcrypto extension to store and verify user passwords. When a user logs in, I compare the entered password with the stored hash using the following query: ...
- 45
3votes
1answer
410views
Can I skip any password hashing for localhost authentication?
Setup I have several services (Postfix, Apache (PHP)) that access a PostgreSQL database on a Debian Linux 10 system. everyone is on the same host they use the loopback interface (127.0.0.1) to ...
