Re: [pgadmin-hackers] Client-side password encryption

Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
>> So it appears that pg_md5_encrypt is not officially exported from libpq.  
>> Does anyone see a problem with adding it to the export list and the 
>> header file?

> Is it different to normal md5?  How is this helpful to the phpPgAdmin 
> project?

It would be better to export an API that is (a) less random (why one
input null-terminated and the other not?) and (b) less tightly tied
to MD5 --- the fact that the caller knows how long the result must be
is the main problem here.

Something likechar *pg_gen_encrypted_passwd(const char *passwd, const char *user)
with malloc'd result (or NULL on failure) seems more future-proof.
        regards, tom lane