How I can re-hash my user's a password using bcrypt in postgresql without iterating them in php?
Question
In my database I use a weak hash, SHA1, for the password. I want to migrate them into a stronger hash (bcrypt). Usually it is done via the following php script:
$sql = "SELECT user_id,password from users";
/**
* @var $pdo database connection
*/
$statement = $pdo->prepare('UPDATE users SET password = :password WHERE user_id = :user_id");
foreach( $pdo->query($sql) as $user)
{
$password = password_hash($user['password'],PASSWORD_DEFAULT);
$statement->bindParam(':password',$password);
$statement->bindParam(':user_id',$user['user_id']);
$stmt->execute();
}
But on large datasets will take too long to update. Therefore do you know a faster way to hash all user passwords in postgresql with a postgresql-native password updating?
Also the code above will run in a migration script and it may cause some delays in deployment as well.
1 answers
solution1
-2 2021-02-24 13:53:31
In order to update the passwords en marre run the following sql:
UPDATE users SET password = crypt(users.password,gen_salt('bf')), double_hash=true;
Ensure password field is at least 72 characters long. Upon sucessfull login rehash the provided password using password_hash .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.