| From: | "PostgreSQL Bugs List" <pgsql-bugs(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #1134: ALTER USER ... RENAME breaks md5 passwords |
| Date: | 2004-04-18 09:52:04 |
| Message-ID: | 20040418095204.4D0E6CF5628@www.postgresql.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-patches |
The following bug has been logged online:
Bug reference: 1134
Logged by: Fabien COELHO
Email address: coelho(at)cri(dot)ensmp(dot)fr
PostgreSQL version: 7.5 Dev
Operating system: any
Description: ALTER USER ... RENAME breaks md5 passwords
Details:
If you rename a user with a md5 password, the
password is broken. md5 passwords are the default,
so it means that renaming a user with a password
does not work by default.
This is because the username is used implicitly as salt. This was a bad idea
(tm).
Fixing this has implications on the client/server
protocol for md5 authentication. If you're going
to fix it some day, consider also adding more
characters to the server nonce used in the protocol.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas Pflug | 2004-04-18 10:50:51 | Re: [7.4.2] Still "variable not found in subplan target lists" |
| Previous Message | Tom Lane | 2004-04-16 14:09:28 | Re: [7.4.2] Still "variable not found in subplan target lists" |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kris Jurka | 2004-04-18 10:03:06 | EXECUTE command tag returns actual command |
| Previous Message | Fabien COELHO | 2004-04-18 09:42:50 | guc variables flags explicitly initialisation |