Thread

  1. WIP: AuthenticationMD5 protocol documentation clarification

    Cyan Ogilvie <cyan.ogilvie@gmail.com> — 2011-06-05T15:26:35Z

    This is my first patch, so I hope I've got the process right for submitting
    patches.
    
    I'm building a driver to talk version 3.0 of the protocol, and generally
    I've found the documentation to be excellent.  One are I had trouble with
    was responding to the AuthenticationMD5Password challenge.  After receiving
    help on IRC, I've attached a patch to the protocol documentation attempting
    to clarify what is expected by the backend, basically:
    
    concat(
        'md5',
        hex_encode(
            md5(
                concat(
                    hex_encode(
                        md5(
                            concat(password, username)
                        )
                    ),
                    salt
                )
            )
        )
    )
    
    My technical writing skills were not up to wording that in plain english,
    and it seems like the rest of the documentation for the protocol steers
    clear of anything that looks like code.  Is this policy in this area or is
    the code-esque description ok?
    
    No code is changed, only documentation, so I've left out the code-relevant
    patch info fields
    
    Patch info:
    
    Project name: postgresql
    Branch: master
    
    Cyan
    
  2. Re: WIP: AuthenticationMD5 protocol documentation clarification

    Robert Haas <robertmhaas@gmail.com> — 2011-06-06T13:58:50Z

    On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie <cyan.ogilvie@gmail.com> wrote:
    > This is my first patch, so I hope I've got the process right for submitting
    > patches.
    
    You're doing great.  I suspect we do want to either (1) reword what
    you've done in English, rather than writing it as code, or at least
    (2) add some SGML markup to the code.  Our next CommitFest starts in
    just over a week, so you should receive some more specific feedback
    pretty soon.
    
    Also, if you'd like to help review someone else's patch, that would be great.
    
    http://archives.postgresql.org/pgsql-rrreviewers/2011-06/msg00000.php
    
    -- 
    Robert Haas
    EnterpriseDB: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
    
    
  3. Re: WIP: AuthenticationMD5 protocol documentation clarification

    Heikki Linnakangas <heikki.linnakangas@enterprisedb.com> — 2011-06-06T15:57:46Z

    On 06.06.2011 16:58, Robert Haas wrote:
    > On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie<cyan.ogilvie@gmail.com>  wrote:
    >> This is my first patch, so I hope I've got the process right for submitting
    >> patches.
    >
    > You're doing great.  I suspect we do want to either (1) reword what
    > you've done in English, rather than writing it as code, or at least
    > (2) add some SGML markup to the code.  Our next CommitFest starts in
    > just over a week, so you should receive some more specific feedback
    > pretty soon.
    
    That is quite complicated to explain in plain English, so some sort of 
    pseudo-code is probably a good idea. I would recommend not to formulate 
    it as a SQL expression, though. It makes you think you could execute it 
    from psql or something. Even if you know that's not how to do it, it 
    feels confusing. Maybe something like:
    
    <literal>md5</literal> hex_encode(md5(hex_encode(md5(password username) 
    salt)
    
    with some extra markup to make it look pretty.
    
    -- 
       Heikki Linnakangas
       EnterpriseDB   http://www.enterprisedb.com
    
    
  4. Re: WIP: AuthenticationMD5 protocol documentation clarification

    Bruce Momjian <bruce@momjian.us> — 2011-10-14T00:50:05Z

    Heikki Linnakangas wrote:
    > On 06.06.2011 16:58, Robert Haas wrote:
    > > On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie<cyan.ogilvie@gmail.com>  wrote:
    > >> This is my first patch, so I hope I've got the process right for submitting
    > >> patches.
    > >
    > > You're doing great.  I suspect we do want to either (1) reword what
    > > you've done in English, rather than writing it as code, or at least
    > > (2) add some SGML markup to the code.  Our next CommitFest starts in
    > > just over a week, so you should receive some more specific feedback
    > > pretty soon.
    > 
    > That is quite complicated to explain in plain English, so some sort of 
    > pseudo-code is probably a good idea. I would recommend not to formulate 
    > it as a SQL expression, though. It makes you think you could execute it 
    > from psql or something. Even if you know that's not how to do it, it 
    > feels confusing. Maybe something like:
    > 
    > <literal>md5</literal> hex_encode(md5(hex_encode(md5(password username) 
    > salt)
    > 
    > with some extra markup to make it look pretty.
    
    I have applied the attached doc patch to document this.  Thanks for the
    report --- it was something we certainly needed to document.
    
    -- 
      Bruce Momjian  <bruce@momjian.us>        http://momjian.us
      EnterpriseDB                             http://enterprisedb.com
    
      + It's impossible for everything to be true. +