Re: [pgadmin-hackers] Client-side password encryption
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Christopher Kings-Lynne <chriskl@familyhealth.com.au>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org, Andreas Pflug <pgadmin@pse-consulting.de>, Dave Page <dpage@vale-housing.co.uk>
Date: 2005-12-22T23:49:17Z
Lists: pgsql-hackers
Tom Lane wrote: >Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes: > > >>>So it appears that pg_md5_encrypt is not officially exported from libpq. >>>Does anyone see a problem with adding it to the export list and the >>>header file? >>> >>> > > > >>Is it different to normal md5? How is this helpful to the phpPgAdmin >>project? >> >> > >It would be better to export an API that is (a) less random (why one >input null-terminated and the other not?) and (b) less tightly tied >to MD5 --- the fact that the caller knows how long the result must be >is the main problem here. > >Something like > char *pg_gen_encrypted_passwd(const char *passwd, const char *user) >with malloc'd result (or NULL on failure) seems more future-proof. > > > > Where are we on this? In general I agree with Tom, but I have no time to do the work. Unless someone has an immediate implementation, I suggest that pro tem we add pg_md5_encrypt to src/interfaces/libpq/exports.txt, which is the minimum needed to unbreak Windows builds, while this gets sorted out properly. cheers andrew