Re: [pgadmin-hackers] Client-side password encryption

From: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
To: Dave Page <dpage(at)vale-housing(dot)co(dot)uk>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>,pgsql-hackers(at)postgresql(dot)org,Andreas Pflug <pgadmin(at)pse-consulting(dot)de>
Subject: Re: [pgadmin-hackers] Client-side password encryption
Date: 2005-12-20 01:33:28
Message-ID: 43A75F68.8010903@familyhealth.com.au
Lists: pgsql-hackers
By the way,

I've already implemented this in phpPgAdmin trivially using the md5() 
function.  I can't be bothered using a C library function :D

Chris

Dave Page wrote:
> 
>>-----Original Message-----
>>From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us] 
>>Sent: 19 December 2005 05:37
>>To: Christopher Kings-Lynne
>>Cc: Peter Eisentraut; pgsql-hackers(at)postgresql(dot)org; Andreas Pflug; Dave Page
>>Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password encryption
>>
>>Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
>>
>>>>So it appears that pg_md5_encrypt is not officially exported from libpq.
>>>>Does anyone see a problem with adding it to the export list and the
>>>>header file?
>>
>>>Is it different to normal md5?  How is this helpful to the phpPgAdmin
>>>project?
>>
>>It would be better to export an API that is (a) less random (why one
>>input null-terminated and the other not?) and (b) less tightly tied
>>to MD5 --- the fact that the caller knows how long the result must be
>>is the main problem here.
>>
>>Something like
>>	char *pg_gen_encrypted_passwd(const char *passwd, const char *user)
>>with malloc'd result (or NULL on failure) seems more future-proof.
> 
> 
> Changing the API is likely to cause fun on Windows for new apps that
> find an old libpq.dll. Perhaps at this point it should become
> libpq82.dll?
> 
> Regards, Dave.
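
An added example, not part of the original thread and not phpPgAdmin's or libpq's code: the client-side hashing discussed above, written in Python rather than PHP so it runs stand-alone. It assumes PostgreSQL's md5 stored-password format (`md5` followed by the MD5 hex digest of the password concatenated with the role name); all function names are hypothetical.

```python
import hashlib
import re

MD5_PASSWD_LEN = 35  # "md5" prefix + 32 hex digits


def pg_md5_verifier(password: str, user: str) -> str:
    """Build the md5-format stored password: 'md5' || md5(password || user).

    The role name acts as the salt, so the same password gives a
    different value for every role.
    """
    digest = hashlib.md5((password + user).encode("utf-8")).hexdigest()
    return "md5" + digest


def looks_pre_hashed(value: str) -> bool:
    """True if value has the shape of an md5-format verifier."""
    return re.fullmatch(r"md5[0-9a-f]{32}", value) is not None


def quote_ident(name: str) -> str:
    """Quote an SQL identifier, doubling any embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def alter_user_sql(user: str, password: str) -> str:
    """Return an ALTER USER statement that carries only the verifier.

    The cleartext password never appears in the statement, so it cannot
    end up in the server log or in statement-level query captures.
    """
    verifier = pg_md5_verifier(password, user)
    # Defensive check: only a well-formed verifier (hex digits, fixed
    # length) is ever placed inside the SQL string literal.
    if not looks_pre_hashed(verifier):
        raise ValueError("unexpected verifier format")
    return (
        f"ALTER USER {quote_ident(user)} "
        f"WITH ENCRYPTED PASSWORD '{verifier}'"
    )


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(alter_user_sql("alice", "correct horse battery staple"))
```

Because the role name is the salt, a verifier computed for one role name is not valid after that role is renamed.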

