Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1egjbB-0005vf-MG for pgsql-docs@arkaria.postgresql.org; Wed, 31 Jan 2018 04:02:13 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1egjb9-000281-Ox for pgsql-docs@arkaria.postgresql.org; Wed, 31 Jan 2018 04:02:11 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1egjb9-00027s-AJ for pgsql-docs@lists.postgresql.org; Wed, 31 Jan 2018 04:02:11 +0000 Received: from out3-smtp.messagingengine.com ([66.111.4.27]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1egjb5-0003Rq-I7 for pgsql-docs@lists.postgresql.org; Wed, 31 Jan 2018 04:02:10 +0000 Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 468D020A34; Tue, 30 Jan 2018 23:02:05 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute7.internal (MEProxy); Tue, 30 Jan 2018 23:02:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=ymkxcJ TvVDtKwKSuWqohW/a4dXC3vUnt1ZQzH7GECVo=; b=eIT/7wZ0t3U5QdIGsH6Jrf 8ErKSHqx/MxJmeosOc3VgXaGVFuQp4tqwl9PZ74t6B2ZuK0ddwyTtRGyYgAKCGgS t3PeRiDLY5o1FySJ2eoGCnmWNwBljMsrKEqsDKGYW5IiaA3M9OUqVTbc/SBT1nyv oewtI3/C4AmUOmVkAP9O49EJfaPLyZjWAR8pmmewEouc7WLsMztc8ToYwnmYkbCH E6p1JAG1i9GZqqwPYia+/Qq/DtF1SkRtRI/PD4oXemD/F6+SqvnR0/2Hf9gRbuXN azqZG6TuFx9Wtf+u4pBEVk0XfSjDm6IvSjsB4ZRt5pY98AKDEEzQgZTQ8hQpFqlg == X-ME-Sender: Received: from april.local (c-73-13-66-39.hsd1.pa.comcast.net [73.13.66.39]) by mail.messagingengine.com (Postfix) with ESMTPA id 017F27E17D; Tue, 30 Jan 2018 23:02:04 -0500 (EST) Subject: Re: removal of md5 from example code To: jonwolski@gmail.com, pgsql-docs@lists.postgresql.org References: <20180117161459.3623.50555@wrigleys.postgresql.org> From: Peter Eisentraut Organization: 2ndQuadrant Message-ID: <5dba9c6c-19fe-6095-ff83-d8d9e29d0e93@2ndquadrant.com> Date: Tue, 30 Jan 2018 23:02:04 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 MIME-Version: 1.0 In-Reply-To: <20180117161459.3623.50555@wrigleys.postgresql.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk On 1/17/18 11:14, PG Doc comments form wrote: > The documentation at > https://www.postgresql.org/docs/current/static/citext.html shows an example > using md5 for password hashes. This is generally a bad practice and not > relevant to the feature documented. > > I recommend removing the password column from this example or replacing the > md5 hash with something more secure (a secure hash algorithm with a salt). We don't have any other hash functions built in and exposed at the SQL level. (Maybe that is a problem.) Do you have any other ideas how to rewrite that example? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services