Re: [pgadmin-hackers] Client-side password encryption

> -----Original Message-----
> From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
> Sent: 19 December 2005 05:37
> To: Christopher Kings-Lynne
> Cc: Peter Eisentraut; pgsql-hackers@postgresql.org; Andreas
> Pflug; Dave Page
> Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password
> encryption
>
> Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
> >> So it appears that pg_md5_encrypt is not officially
> exported from libpq.
> >> Does anyone see a problem with adding it to the export
> list and the
> >> header file?
>
> > Is it different to normal md5?  How is this helpful to the
> phpPgAdmin
> > project?
>
> It would be better to export an API that is (a) less random (why one
> input null-terminated and the other not?) and (b) less tightly tied
> to MD5 --- the fact that the caller knows how long the result must be
> is the main problem here.
>
> Something like
>     char *pg_gen_encrypted_passwd(const char *passwd, const
> char *user)
> with malloc'd result (or NULL on failure) seems more future-proof.

Changing the API is likely to cause fun on Windows for new apps that
find an old libpq.dll. Perhaps at this point it should become
libpq82.dll?

Regards, Dave.