public inbox for [email protected]
help / color / mirror / Atom feedremoval of md5 from example code
4+ messages / 3 participants
[nested] [flat]
* removal of md5 from example code
@ 2018-01-17 16:14 PG Doc comments form <[email protected]>
2018-01-31 04:02 ` Re: removal of md5 from example code Peter Eisentraut <[email protected]>
2018-02-22 18:28 ` Re: removal of md5 from example code Peter Eisentraut <[email protected]>
0 siblings, 2 replies; 4+ messages in thread
From: PG Doc comments form @ 2018-01-17 16:14 UTC (permalink / raw)
To: [email protected]; +Cc: [email protected]
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/10/static/citext.html
Description:
The documentation at
https://www.postgresql.org/docs/current/static/citext.html shows an example
using md5 for password hashes. This is generally a bad practice and not
relevant to the feature documented.
I recommend removing the password column from this example or replacing the
md5 hash with something more secure (a secure hash algorithm with a salt).
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: removal of md5 from example code
2018-01-17 16:14 removal of md5 from example code PG Doc comments form <[email protected]>
@ 2018-01-31 04:02 ` Peter Eisentraut <[email protected]>
2018-02-02 01:23 ` Re: removal of md5 from example code Jon Wolski <[email protected]>
1 sibling, 1 reply; 4+ messages in thread
From: Peter Eisentraut @ 2018-01-31 04:02 UTC (permalink / raw)
To: [email protected]; [email protected]
On 1/17/18 11:14, PG Doc comments form wrote:
> The documentation at
> https://www.postgresql.org/docs/current/static/citext.html shows an example
> using md5 for password hashes. This is generally a bad practice and not
> relevant to the feature documented.
>
> I recommend removing the password column from this example or replacing the
> md5 hash with something more secure (a secure hash algorithm with a salt).
We don't have any other hash functions built in and exposed at the SQL
level. (Maybe that is a problem.) Do you have any other ideas how to
rewrite that example?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: removal of md5 from example code
2018-01-17 16:14 removal of md5 from example code PG Doc comments form <[email protected]>
2018-01-31 04:02 ` Re: removal of md5 from example code Peter Eisentraut <[email protected]>
@ 2018-02-02 01:23 ` Jon Wolski <[email protected]>
0 siblings, 0 replies; 4+ messages in thread
From: Jon Wolski @ 2018-02-02 01:23 UTC (permalink / raw)
To: Peter Eisentraut <[email protected]>; +Cc: [email protected]
I think I get it, now.
Is the reason for including the `pass` in the example so that the
documentation can demonstrate `citext` along side case-sensitive text?
If so, I struggle to come up with anything more obvious than a password
hash for a case where case-sensitive comparison of text is necessary. The
only other thing that comes to mind is an external system identifier like a
Salesforce object id of a user. That would not be as universally obvious an
example of case-sensitivity to all PostgreSQL users..
On Tue, Jan 30, 2018 at 10:02 PM, Peter Eisentraut <
[email protected]> wrote:
> On 1/17/18 11:14, PG Doc comments form wrote:
> > The documentation at
> > https://www.postgresql.org/docs/current/static/citext.html shows an
> example
> > using md5 for password hashes. This is generally a bad practice and not
> > relevant to the feature documented.
> >
> > I recommend removing the password column from this example or replacing
> the
> > md5 hash with something more secure (a secure hash algorithm with a
> salt).
>
> We don't have any other hash functions built in and exposed at the SQL
> level. (Maybe that is a problem.) Do you have any other ideas how to
> rewrite that example?
>
> --
> Peter Eisentraut http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
>
^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: removal of md5 from example code
2018-01-17 16:14 removal of md5 from example code PG Doc comments form <[email protected]>
@ 2018-02-22 18:28 ` Peter Eisentraut <[email protected]>
1 sibling, 0 replies; 4+ messages in thread
From: Peter Eisentraut @ 2018-02-22 18:28 UTC (permalink / raw)
To: [email protected]; [email protected]
On 1/17/18 11:14, PG Doc comments form wrote:
> The documentation at
> https://www.postgresql.org/docs/current/static/citext.html shows an example
> using md5 for password hashes. This is generally a bad practice and not
> relevant to the feature documented.
>
> I recommend removing the password column from this example or replacing the
> md5 hash with something more secure (a secure hash algorithm with a salt).
This has been fixed in the master branch.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2018-02-22 18:28 UTC | newest]
Thread overview: 4+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2018-01-17 16:14 removal of md5 from example code PG Doc comments form <[email protected]>
2018-01-31 04:02 ` Peter Eisentraut <[email protected]>
2018-02-02 01:23 ` Jon Wolski <[email protected]>
2018-02-22 18:28 ` Peter Eisentraut <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox