Re: [pgadmin-hackers] Client-side password encryption

Tom Lane wrote:

>Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
>  
>
>>>So it appears that pg_md5_encrypt is not officially exported from libpq.  
>>>Does anyone see a problem with adding it to the export list and the 
>>>header file?
>>>      
>>>
>
>  
>
>>Is it different to normal md5?  How is this helpful to the phpPgAdmin 
>>project?
>>    
>>
>
>It would be better to export an API that is (a) less random (why one
>input null-terminated and the other not?) and (b) less tightly tied
>to MD5 --- the fact that the caller knows how long the result must be
>is the main problem here.
>
>Something like
>    char *pg_gen_encrypted_passwd(const char *passwd, const char *user)
>with malloc'd result (or NULL on failure) seems more future-proof.
>
>
>  
>

Where are we on this? In general I agree with Tom, but I have no time to 
do the work. Unless someone has an immediate implementation, I suggest 
that pro tem we add pg_md5_encrypt to src/interfaces/libpq/exports.txt, 
which is the minimum needed to unbreak Windows builds, while this gets 
sorted out properly.

cheers

andrew