Re: Explanation of pg_authid.rolpassword

On Sun, Sep 12, 2010 at 8:50 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
> On Sun, Sep 12, 2010 at 8:36 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>> On Thu, Sep 2, 2010 at 11:06 PM, Josh Kupershmidt <schmiddy@gmail.com> wrote:
>> This seems a bit long-winded to me.  How about just changing the
>> column description to something like this:
>>
>> Either the user's unencrypted password (if the UNENCRYPTED option was
>> used when creating the role or if password_encryption is off), or the
>> string 'md5' followed by a 32-character hexadecimal md5 hash of the
>> user's password.  NULL if no password.
>
> I agree my explanation might have been a tad lengthy. But the md5 hash
> is of password plus username, not just password. This does seem to
> cause confusion; maybe we could leave the example password hashing in
> as a footnote on that page?

Oh, I see.  But I still don't think we really need to provide specific
examples of what you get when you MD5 particular values... except for
people who can run the MD5 algorithm in reverse in their head, that
doesn't seem like it's adding anything.  Second try:

Either the user's unencrypted password (if the UNENCRYPTED option was
used when creating the role or if password_encryption is off), or the
string 'md5' followed by a 32-character hexadecimal md5 hash.  The md5
hash will be of the user's password concatenated to their username
(e.g. if user joe has password xyzzy, PostgreSQL will store the md5
hash of xyzzyjoe).  If the user has no password, this column will be
NULL.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company