Re: WIP: AuthenticationMD5 protocol documentation clarification
From | Bruce Momjian |
---|---|
Subject | Re: WIP: AuthenticationMD5 protocol documentation clarification |
Date | |
Msg-id | 201110140050.p9E0o5T21875@momjian.us |
In reply to | Re: WIP: AuthenticationMD5 protocol documentation clarification (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>) |
List | pgsql-hackers |
Heikki Linnakangas wrote:
> On 06.06.2011 16:58, Robert Haas wrote:
> > On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie<cyan.ogilvie@gmail.com> wrote:
> >> This is my first patch, so I hope I've got the process right for submitting
> >> patches.
> >
> > You're doing great. I suspect we do want to either (1) reword what
> > you've done in English, rather than writing it as code, or at least
> > (2) add some SGML markup to the code. Our next CommitFest starts in
> > just over a week, so you should receive some more specific feedback
> > pretty soon.
>
> That is quite complicated to explain in plain English, so some sort of
> pseudo-code is probably a good idea. I would recommend not to formulate
> it as a SQL expression, though. It makes you think you could execute it
> from psql or something. Even if you know that's not how to do it, it
> feels confusing. Maybe something like:
>
> <literal>md5</literal> hex_encode(md5(hex_encode(md5(password username)
> salt)
>
> with some extra markup to make it look pretty.

I have applied the attached doc patch to document this. Thanks for the
report --- it was something we certainly needed to document.

--
  Bruce Momjian <bruce@momjian.us> http://momjian.us
  EnterpriseDB http://enterprisedb.com

  + It's impossible for everything to be true. +

diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml new file mode 100644 index 19c9686..4fda518 *** a/doc/src/sgml/protocol.sgml --- b/doc/src/sgml/protocol.sgml *************** *** 293,302 **** <listitem> <para> The frontend must now send a PasswordMessage containing the ! password encrypted via MD5, using the 4-character salt ! specified in the AuthenticationMD5Password message. If ! this is the correct password, the server responds with an ! AuthenticationOk, otherwise it responds with an ErrorResponse. </para> </listitem> </varlistentry> --- 293,307 ---- <listitem> <para> The frontend must now send a PasswordMessage containing the ! password (with username) encrypted via MD5, then encrypted ! again using the 4-byte random salt specified in the ! AuthenticationMD5Password message. If this is the correct ! password, the server responds with an AuthenticationOk, ! otherwise it responds with an ErrorResponse. The actual ! PasswordMessage can be computed in SQL as <literal>concat('md5', ! md5(concat(md5(concat(password, username)), random-salt)))</>. ! (Keep in mind the <function>md5()</> function returns its ! result as a hex string.) </para> </listitem> </varlistentry>
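
Review bot: In the added paragraph, "encrypted via MD5, then encrypted again using the 4-byte random salt" describes hashing as encryption and leaves the order of operations to the SQL literal; consider "hashed", and state in words that the username is appended to the password and the salt to the hex digest of that first hash. The literal also reads as runnable SQL although `random-salt` is not a valid identifier and the 4 salt bytes need not be valid text, which is the concern raised upthread about formulating this as an SQL expression; pseudo-code markup, or a sentence saying the expression is illustrative, would avoid that.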
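
The computation discussed in this thread, written out on bytes for both ends of the exchange, as an added example that is not part of the original message or the PostgreSQL sources. The function names, the sample credentials and salt, UTF-8 encoding of the strings, and the stored-verifier format (`md5` followed by the inner hex digest) are assumptions of the example.

```python
import hashlib
import hmac
import struct


def md5_hex(data: bytes) -> bytes:
    """MD5 digest as 32 lowercase hex characters (ASCII bytes)."""
    return hashlib.md5(data).hexdigest().encode("ascii")


def stored_verifier(password: str, username: str) -> bytes:
    """Inner step: 'md5' + md5(password || username). Assumed to be the form
    the server keeps; strings are assumed to be UTF-8 encoded."""
    return b"md5" + md5_hex(password.encode() + username.encode())


def md5_response(password: str, username: str, salt: bytes) -> bytes:
    """Client side: 'md5' + md5(hex(md5(password || username)) || salt)."""
    if len(salt) != 4:
        raise ValueError("AuthenticationMD5Password carries exactly 4 salt bytes")
    inner_hex = stored_verifier(password, username)[3:]
    # The salt is appended as raw bytes to the hex *text* of the first hash.
    return b"md5" + md5_hex(inner_hex + salt)


def password_message(response: bytes) -> bytes:
    """Frame as PasswordMessage: 'p', Int32 length (self-inclusive), C string."""
    body = response + b"\x00"
    return b"p" + struct.pack("!I", 4 + len(body)) + body


def server_check(verifier: bytes, salt: bytes, message: bytes) -> bool:
    """Server side: recompute from the stored verifier and compare."""
    if len(message) < 6 or message[:1] != b"p" or message[-1:] != b"\x00":
        return False
    (length,) = struct.unpack("!I", message[1:5])
    if length != len(message) - 1:  # length field excludes the type byte
        return False
    expected = b"md5" + md5_hex(verifier[3:] + salt)
    return hmac.compare_digest(expected, message[5:-1])


if __name__ == "__main__":
    salt = bytes([0x01, 0xFF, 0x00, 0x7A])  # constructed; not valid text
    msg = password_message(md5_response("secret", "alice", salt))
    print(msg, server_check(stored_verifier("secret", "alice"), salt, msg))
```

The constructed salt contains bytes that are not valid text, which is why the hashing is done on bytes rather than on concatenated strings.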