Re: [pgadmin-hackers] Client-side password encryption

[Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>]

By the way,

I've already implemented this in phpPgAdmin trivially using the md5() 
function.  I can't be bothered using a C library function :D

Chris

Dave Page wrote:
>  
>
>
> > -----Original Message-----
> > From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us] 
> > Sent: 19 December 2005 05:37
> > To: Christopher Kings-Lynne
> > Cc: Peter Eisentraut; pgsql-hackers(at)postgresql(dot)org; Andreas 
> > Pflug; Dave Page
> > Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password 
> > encryption 
> >
> > Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
> >
> > > > So it appears that pg_md5_encrypt is not officially 
> >
> > exported from libpq.  
> >
> > > > Does anyone see a problem with adding it to the export 
> >
> > list and the 
> >
> > > > header file?
> >
> > > Is it different to normal md5?  How is this helpful to the 
> >
> > phpPgAdmin 
> >
> > > project?
> >
> > It would be better to export an API that is (a) less random (why one
> > input null-terminated and the other not?) and (b) less tightly tied
> > to MD5 --- the fact that the caller knows how long the result must be
> > is the main problem here.
> >
> > Something like
> > 	char *pg_gen_encrypted_passwd(const char *passwd, const 
> > char *user)
> > with malloc'd result (or NULL on failure) seems more future-proof.
>
>
> Changing the API is likely to cause fun on Windows for new apps that
> find an old libpq.dll. Perhaps at this point it should become
> libpq82.dll?
>
> Regards, Dave.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
>                http://www.postgresql.org/docs/faq