removal of md5 from example code (4+ messages / 3 participants)
* removal of md5 from example code
From: PG Doc comments form @ 2018-01-17 16:14 UTC
To: [email protected]; +Cc: [email protected]

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/static/citext.html
Description:

The documentation at https://www.postgresql.org/docs/current/static/citext.html shows an example using md5 for password hashes. This is generally a bad practice and not relevant to the feature documented.

I recommend removing the password column from this example or replacing the md5 hash with something more secure (a secure hash algorithm with a salt).

* Re: removal of md5 from example code
From: Peter Eisentraut @ 2018-01-31 04:02 UTC
To: [email protected]; [email protected]

On 1/17/18 11:14, PG Doc comments form wrote:
> The documentation at
> https://www.postgresql.org/docs/current/static/citext.html shows an example
> using md5 for password hashes. This is generally a bad practice and not
> relevant to the feature documented.
>
> I recommend removing the password column from this example or replacing the
> md5 hash with something more secure (a secure hash algorithm with a salt).

We don't have any other hash functions built in and exposed at the SQL level. (Maybe that is a problem.) Do you have any other ideas how to rewrite that example?

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

* Re: removal of md5 from example code
From: Jon Wolski @ 2018-02-02 01:23 UTC
To: Peter Eisentraut <[email protected]>; +Cc: [email protected]

I think I get it, now. Is the reason for including the `pass` in the example so that the documentation can demonstrate `citext` alongside case-sensitive text?

If so, I struggle to come up with anything more obvious than a password hash for a case where case-sensitive comparison of text is necessary. The only other thing that comes to mind is an external system identifier like a Salesforce object id of a user. That would not be as universally obvious an example of case-sensitivity to all PostgreSQL users.

On Tue, Jan 30, 2018 at 10:02 PM, Peter Eisentraut <[email protected]> wrote:
> On 1/17/18 11:14, PG Doc comments form wrote:
> > The documentation at
> > https://www.postgresql.org/docs/current/static/citext.html shows an example
> > using md5 for password hashes. This is generally a bad practice and not
> > relevant to the feature documented.
> >
> > I recommend removing the password column from this example or replacing the
> > md5 hash with something more secure (a secure hash algorithm with a salt).
>
> We don't have any other hash functions built in and exposed at the SQL
> level. (Maybe that is a problem.) Do you have any other ideas how to
> rewrite that example?
>
> --
> Peter Eisentraut http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

* Re: removal of md5 from example code
From: Peter Eisentraut @ 2018-02-22 18:28 UTC
To: [email protected]; [email protected]

On 1/17/18 11:14, PG Doc comments form wrote:
> The documentation at
> https://www.postgresql.org/docs/current/static/citext.html shows an example
> using md5 for password hashes. This is generally a bad practice and not
> relevant to the feature documented.
>
> I recommend removing the password column from this example or replacing the
> md5 hash with something more secure (a secure hash algorithm with a salt).

This has been fixed in the master branch.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
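
An added example, not part of the thread, the PostgreSQL documentation, or the change committed to master: one way a case-insensitive `citext` column can sit beside a case-sensitive `pass` column that holds a salted hash, assuming the `pgcrypto` contrib extension is installed. The `users` table, the `nick` column and the sample values are constructed for illustration.

```sql
-- Added example: table name, nick column and sample values are assumptions.
CREATE EXTENSION IF NOT EXISTS citext;
CREATE EXTENSION IF NOT EXISTS pgcrypto;  -- contrib module, not a built-in

CREATE TABLE users (
    nick citext PRIMARY KEY,  -- compared case-insensitively
    pass text   NOT NULL      -- plain text type: compared case-sensitively
);

-- Weak form the thread objects to: MD5 is fast and unsalted, so the same
-- password always produces the same stored value.
--   INSERT INTO users VALUES ('larry', md5('constructed-password'));

-- Salted, adaptive form: gen_salt('bf', 10) draws a fresh random bcrypt salt
-- with cost factor 10, and crypt() embeds that salt in its output.
INSERT INTO users (nick, pass)
VALUES ('larry', crypt('constructed-password', gen_salt('bf', 10))),
       ('tom',   crypt('constructed-password', gen_salt('bf', 10)));

-- Effect of the salt: two MD5 digests of one password are equal, while two
-- crypt() results each use their own salt.
SELECT md5('constructed-password') = md5('constructed-password')
           AS md5_repeats,
       crypt('constructed-password', gen_salt('bf', 10))
         = crypt('constructed-password', gen_salt('bf', 10))
           AS bcrypt_repeats;

-- Login check: the nick predicate ignores case (citext), while the hash
-- comparison is an exact text match. Passing the stored value as the salt
-- argument makes crypt() reuse the salt and cost embedded in it.
SELECT nick
FROM users
WHERE nick = 'LARRY'
  AND pass = crypt('constructed-password', pass);

-- Same check with the candidate password in a different case: the recomputed
-- hash differs, so the case-sensitive comparison on pass rejects it.
SELECT nick
FROM users
WHERE nick = 'Larry'
  AND pass = crypt('Constructed-Password', pass);
```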