Re: [pgadmin-hackers] Client-side password encryption

["Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>]

> -----Original Message-----
> From: Martijn van Oosterhout [mailto:kleptog(at)svana(dot)org] 
> Sent: 19 December 2005 09:38
> To: Dave Page
> Cc: Tom Lane; Christopher Kings-Lynne; Peter Eisentraut; 
> pgsql-hackers(at)postgresql(dot)org; Andreas Pflug
> Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password 
> encryption
> 
> On Mon, Dec 19, 2005 at 09:16:19AM -0000, Dave Page wrote:
> > > > > Something like
> > > > > 	char *pg_gen_encrypted_passwd(const char *passwd, const 
> > > > > char *user)
> > > > > with malloc'd result (or NULL on failure) seems more 
> future-proof.
> 
> > > If programs are really worried about it, they should lookup the
> > > function dynamically rather than statically...
> > 
> > For the sake of a simple name change?
> 
> The function as stated above doesn't exist yet, so we're adding a new
> function, not changing the name of one. The function that started the
> thread is not even exported by libpq so changing that shouldn't affect
> anybody. Besides, this whole discussion is moot until someone writes
> such a function.

You missunderstand me - we were asked to start using the function in
third party apps and I pointed out that it wasn't exported so we
couldn't. Tom suggested exporting an API friendly version.

As for the name, I meant the DLL name, not the function name.

> As for Windows DLL hell, I don't know a lot about that, but if that's
> such a problem, why didn't the original creators of the windows port
> stick the version number in there from the start. On UNIX, libpq is
> half versioned (the library is, but not the symbols) so I would have
> thought copying that idea would have been obvious.

Because we simply didn't think of it at the time, and it's something
that has irked me ever since.

Regards, Dave.