Re: [pgadmin-hackers] Client-side password encryption

By the way,

I've already implemented this in phpPgAdmin trivially using the md5()
function. I can't be bothered using a C library function :D

Chris

Dave Page wrote:
>
>
>
>>-----Original Message-----
>>From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
>>Sent: 19 December 2005 05:37
>>To: Christopher Kings-Lynne
>>Cc: Peter Eisentraut; pgsql-hackers(at)postgresql(dot)org; Andreas
>>Pflug; Dave Page
>>Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password
>>encryption
>>
>>Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
>>
>>>>So it appears that pg_md5_encrypt is not officially
>>
>>exported from libpq.
>>
>>>>Does anyone see a problem with adding it to the export
>>
>>list and the
>>
>>>>header file?
>>
>>>Is it different to normal md5? How is this helpful to the
>>
>>phpPgAdmin
>>
>>>project?
>>
>>It would be better to export an API that is (a) less random (why one
>>input null-terminated and the other not?) and (b) less tightly tied
>>to MD5 --- the fact that the caller knows how long the result must be
>>is the main problem here.
>>
>>Something like
>> char *pg_gen_encrypted_passwd(const char *passwd, const
>>char *user)
>>with malloc'd result (or NULL on failure) seems more future-proof.
>
>
> Changing the API is likely to cause fun on Windows for new apps that
> find an old libpq.dll. Perhaps at this point it should become
> libpq82.dll?
>
> Regards, Dave.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq