Skip site navigation (1) Skip section navigation (2)

BUG #1134: ALTER USER ... RENAME breaks md5 passwords

From: "PostgreSQL Bugs List" <pgsql-bugs(at)postgresql(dot)org>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #1134: ALTER USER ... RENAME breaks md5 passwords
Date: 2004-04-18 09:52:04
Message-ID: 20040418095204.4D0E6CF5628@www.postgresql.com (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-patches
The following bug has been logged online:

Bug reference:      1134
Logged by:          Fabien COELHO

Email address:      coelho(at)cri(dot)ensmp(dot)fr

PostgreSQL version: 7.5 Dev

Operating system:   any

Description:        ALTER USER ... RENAME breaks md5 passwords

Details: 

If you rename a user with a md5 password, the
password is broken. md5 passwords are the default,
so it means that renaming a user with a password
does not work by default.

This is because the username is used implicitly as salt. This was a bad idea 
(tm). 

Fixing this has implications on the client/server
protocol for md5 authentication. If you're going
to fix it some day, consider also adding more
characters to the server nonce used in the protocol.




Responses

pgsql-bugs by date

Next:From: Andreas PflugDate: 2004-04-18 10:50:51
Subject: Re: [7.4.2] Still "variable not found in subplan target lists"
Previous:From: Tom LaneDate: 2004-04-16 14:09:28
Subject: Re: [7.4.2] Still "variable not found in subplan target lists"

pgsql-patches by date

Next:From: Kris JurkaDate: 2004-04-18 10:03:06
Subject: EXECUTE command tag returns actual command
Previous:From: Fabien COELHODate: 2004-04-18 09:42:50
Subject: guc variables flags explicitly initialisation

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group