| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Changing references of password encryption to hashing |
| Date: | 2017-03-10 02:16:02 |
| Message-ID: | CAB7nPqR82_57C8O1+z-bUChhHpdjMec_omLfKwYdjAFjjcrBWg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
As discussed here:
https://www.postgresql.org/message-id/98cafcd0-5557-0bdf-4837-0f2b7782d0b5@joeconway.com
We are using in documentation and code comments "encryption" to define
what actually is hashing, which is confusing.
Attached is a patch for HEAD to change the documentation to match hashing.
There are a couple of things I noticed on the way:
1) There is the user-visible PQencryptPassword in libpq, which
actually hashes the password, and not encrypts it :)
2) There is as well pg_md5_encrypt() in the code, as well as there is
pg_md5_hash(). Those may be better if renamed, at least I would think
that pg_md5_encrypt should be pg_md5_password_hash, because a salt is
used as well, and the routine is dedicated to work on passwords.
Thoughts?
3) createuser also has --encrypt and --unencrypted, perhaps those
should be renamed? Honestly I don't really think that this is worth a
breakage and the option names match with the SQL commands.
I did not bother about those things in the attached, which works only
documentation and comment changes.
An open item has been added on the wiki.
Thanks,
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| hashed-passwords-doc.patch | application/octet-stream | 25.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-03-10 02:17:33 | Re: Speed up Clog Access by increasing CLOG buffers |
| Previous Message | Tom Lane | 2017-03-10 02:10:58 | Re: Bizarre choice of case for RELKIND_PARTITIONED_TABLE |