Skip site navigation (1) Skip section navigation (2)

Re: [pgadmin-hackers] Client-side password encryption

From: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>,"Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>
Cc: "Peter Eisentraut" <peter_e(at)gmx(dot)net>,<pgsql-hackers(at)postgresql(dot)org>,"Andreas Pflug" <pgadmin(at)pse-consulting(dot)de>
Subject: Re: [pgadmin-hackers] Client-side password encryption
Date: 2005-12-19 08:51:23
Message-ID: E7F85A1B5FF8D44C8A1AF6885BC9A0E4E7EAB7@ratbert.vale-housing.co.uk (view raw or flat)
Thread:
Lists: pgsql-hackers
 

> -----Original Message-----
> From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us] 
> Sent: 19 December 2005 05:37
> To: Christopher Kings-Lynne
> Cc: Peter Eisentraut; pgsql-hackers(at)postgresql(dot)org; Andreas 
> Pflug; Dave Page
> Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password 
> encryption 
> 
> Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
> >> So it appears that pg_md5_encrypt is not officially 
> exported from libpq.  
> >> Does anyone see a problem with adding it to the export 
> list and the 
> >> header file?
> 
> > Is it different to normal md5?  How is this helpful to the 
> phpPgAdmin 
> > project?
> 
> It would be better to export an API that is (a) less random (why one
> input null-terminated and the other not?) and (b) less tightly tied
> to MD5 --- the fact that the caller knows how long the result must be
> is the main problem here.
> 
> Something like
> 	char *pg_gen_encrypted_passwd(const char *passwd, const 
> char *user)
> with malloc'd result (or NULL on failure) seems more future-proof.

Changing the API is likely to cause fun on Windows for new apps that
find an old libpq.dll. Perhaps at this point it should become
libpq82.dll?

Regards, Dave.

Responses

pgsql-hackers by date

Next:From: Martijn van OosterhoutDate: 2005-12-19 08:58:56
Subject: Re: [pgadmin-hackers] Client-side password encryption
Previous:From: OKADA SatoshiDate: 2005-12-19 08:17:40
Subject: Re: Recovery from multi trouble

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group