Re: The Axe list

D'Arcy J.M. Cain wrote:
> On Sun, 12 Oct 2008 12:57:58 +0300
> "Marko Kreen" <markokr@gmail.com> wrote:
>> On 10/11/08, D'Arcy J.M. Cain <darcy@druid.net> wrote:
>>>  +   if (!random_initialized)
>>>  +   {
>>>  +       srandom((unsigned int) time(NULL));
>>>  +       random_initialized = true;
>>>  +   }
>> This is bad idea, postgres already does srandom()
> 
> Is that new?  I added that to my local version at one time because I
> was getting the same salt every time I ran it.

You really should not be using the standard random() function to generat
salts... You need a more secure one.


>>>  +   if ((result = (char *) palloc(16)) != NULL)
>>>  +   {
>>>  +       result[0] = ':';
>>>  +       strcpy(result + 1, password->password);
>>>  +   }
>> AFAIK palloc() cannot return NULL?
> 
> Really?  My program will simply come crashing down if there is a memory
> problem without giving me a chance to clean up?

It will do an ereport() call and clean things up. This is one of the
things that rock with using palloc ;-)

//Magnus