Re: [HACKERS] additional contrib test suites

On 9/15/17 6:52 PM, Michael Paquier wrote:
> On Sat, Sep 16, 2017 at 5:15 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>
>> Noting that mandrill is showing yet a different failure, one that I think
>> is inherent to chkpass:
>>
>>   CREATE TABLE test (i int, p chkpass);
>>   INSERT INTO test VALUES (1, 'hello'), (2, 'goodbye');
>> + WARNING:  type chkpass has unstable input conversion for "hello"
>> + LINE 1: INSERT INTO test VALUES (1, 'hello'), (2, 'goodbye');
>> +                                     ^
>> + WARNING:  type chkpass has unstable input conversion for "goodbye"
>> + LINE 1: INSERT INTO test VALUES (1, 'hello'), (2, 'goodbye');
>> +                                                   ^
>>
>> I'm starting to think that (4) might be the best avenue.  Or we could
>> consider
>>
>> (5) drop contrib/chkpass altogether, on the grounds that it's too badly
>> designed, and too obsolete crypto-wise, to be useful or supportable.
> 
> crypt() uses the 7 lowest characters, which makes for 7.2e16 values,
> so I would be fine with (5), then (4) as the test suite is not
> portable.

I'd prefer 5, but can go with 4.

I get that users need to store their own passwords, but we have support
for SHA1 via the crypto module which seems by far the better choice.

-- 
-David
david@pgmasters.net


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers