Re: Re: Proposal for encrypting pg_shadow passwords

> > Bruce Momjian writes:
> >
> > > Attached please find:
> > >
> > >     the original proposal to encrypt pg_shadow
> > >     a diff of the current CVS
> > >     two new files (backend/libpq/md5.c and include/libpq/md5.h)
> > >         which implement MD5 encryption (from Vince with cleanups)
> >
> > I also see that the md5.c implementation does not use palloc and makes the
> > rather odd assumption that long int == unsigned64.

Also, I didn't use palloc because the same C code is used in the backend
and libpq.

> That is from Vince's code, I think.  Can you suggest a fix?
>
> > What's your rush?  Is there a deadline now?
>
> I want to do SCM patch, then write presentation for LinuxWorld, and go
> to Linuxworld. Then we are at the end of August.  Also, people need to
> do the Java MD5 code, and if I want that before we start 7.2 beta, I
> feel rushed.

It is not knowing how quickly the ODBC/JDBC people can handle this that
has me a little worried.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026