Re: [ADMIN] Authentication and Perl

On Fri, 25 Sep 1998, aaron ross wrote:

> Hi,
>     i am trying to connect to postgres from a Perl script using DBI,
> and using an encrypted password.  (for right now i'm doing this on a
> local machine, but the idea is obviously to go from a web server to
> another machine with postgres on it.) Even though I have this in the
> pg_hba.conf file:
>
> local        all                                         crypt
> host         all         127.0.0.1     255.255.255.255   crypt
>
>     the perl script connects just fine with a plain text password.
>
>
>     but if i use perl's crypt function,
>
> $dbh = DBI->connect("DBI:Pg:dbname=dbname", "user", crypt("cleartext",
> $randomseedvalue))
>
>     then i can't connect.
>
>     Is this because the crypt in perl is different from that in
> postgres?  that would really surprise me.

No. With crypt mode, a salt value is generated in the backend, and is
passed to the client. The client then crypts the password using that salt
value, and sends just the now crypted password over the network connection
to the backend. The backend then crypts what it thinks is the password,
and compares the two encrypted strings.

All you have done is crypted the password, then the DBI interface is then
crypting it again, so the passwords don't match.

No matter what authentication scheme or interface is in use, you pass the
cleartext password to the interface. It's down to the interface to crypt
it before it goes over the wire.

Hope that helps.

Peter

--
       Peter T Mount peter@retep.org.uk
      Main Homepage: http://www.retep.org.uk
PostgreSQL JDBC Faq: http://www.retep.org.uk/postgres
 Java PDF Generator: http://www.retep.org.uk/pdf