| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, Dave Page <dpage(at)vale-housing(dot)co(dot)uk> |
| Subject: | Re: [pgadmin-hackers] Client-side password encryption |
| Date: | 2005-12-19 05:37:22 |
| Message-ID: | 20023.1134970642@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers pgsql-hackers |
Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
>> So it appears that pg_md5_encrypt is not officially exported from libpq.
>> Does anyone see a problem with adding it to the export list and the
>> header file?
> Is it different to normal md5? How is this helpful to the phpPgAdmin
> project?
It would be better to export an API that is (a) less random (why one
input null-terminated and the other not?) and (b) less tightly tied
to MD5 --- the fact that the caller knows how long the result must be
is the main problem here.
Something like
char *pg_gen_encrypted_passwd(const char *passwd, const char *user)
with malloc'd result (or NULL on failure) seems more future-proof.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2005-12-19 18:00:10 | Re: [pgadmin-hackers] Client-side password encryption |
| Previous Message | Christopher Kings-Lynne | 2005-12-19 05:20:40 | Re: [pgadmin-hackers] Client-side password encryption |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | OKADA Satoshi | 2005-12-19 08:17:40 | Re: Recovery from multi trouble |
| Previous Message | Tom Lane | 2005-12-19 05:27:27 | Re: Recovery from multi trouble |