public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Robert Treat <[email protected]>
Cc: Dan Langille <[email protected]>
Cc: [email protected]
Subject: Re: What goes into the security doc?
Date: Sat, 25 Jan 2003 21:15:53 -0500 (EST)
Message-ID: <[email protected]> (raw)
In-Reply-To: <1043162191.18529.11.camel@camel>
Robert Treat wrote:
> I'm not sure how adequately these topics are covered elsewhere, but you
> should probably provide at least a pointer if not improved information:
>
> * Should have a mention of the pgcrypto code in contrib.
>
> * Brain hiccup, but isn't there some type of "password" datatype
It is in /contrib as chkpass:
Chkpass is a password type that is automatically checked and converted upon
entry. It is stored encrypted. To compare, simply compare agains a clear
text password and the comparison function will encrypt it before comparing.
It also returns an error if the code determines that the password is easily
crackable. This is currently a stub that does nothing.
I haven't worried about making this type indexable. I doubt that anyone
would ever need to sort a file in order of encrypted password.
If you precede the string with a colon, the encryption and checking are
skipped so that you can enter existing passwords into the field.
On output, a colon is prepended. This makes it possible to dump and reload
passwords without re-encrypting them. If you want the password (encrypted)
without the colon then use the raw() function. This allows you to use the
type with things like Apache's Auth_PostgreSQL module.
D'Arcy J.M. Cain
[email protected]
The document is a good idea, and the initdb -W item is good too!
--
Bruce Momjian | http://candle.pha.pa.us
[email protected] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
view thread (20+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: What goes into the security doc?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox