From: Jon Wolski
Date: Thu, 1 Feb 2018 19:23:31 -0600
Subject: Re: removal of md5 from example code
To: Peter Eisentraut
Cc: pgsql-docs@lists.postgresql.org

I think I get it, now.

Is the reason for including the `pass` in the example so that the documentation can demonstrate `citext` alongside case-sensitive text?

If so, I struggle to come up with anything more obvious than a password hash for a case where case-sensitive comparison of text is necessary. The only other thing that comes to mind is an external system identifier like a Salesforce object id of a user. That would not be as universally obvious an example of case-sensitivity to all PostgreSQL users.

On Tue, Jan 30, 2018 at 10:02 PM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:

> On 1/17/18 11:14, PG Doc comments form wrote:
> > The documentation at
> > https://www.postgresql.org/docs/current/static/citext.html shows an example
> > using md5 for password hashes. This is generally a bad practice and not
> > relevant to the feature documented.
> >
> > I recommend removing the password column from this example or replacing the
> > md5 hash with something more secure (a secure hash algorithm with a salt).
>
> We don't have any other hash functions built in and exposed at the SQL
> level. (Maybe that is a problem.) Do you have any other ideas how to
> rewrite that example?
>
> --
> Peter Eisentraut http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
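
Added example, not part of the original message or of the PostgreSQL documentation: the salted replacement suggested in the quoted doc comment, shown next to the md5 form, keeping a case-insensitive `nick` beside a case-sensitive `pass` column. It assumes the pgcrypto contrib extension is installed; the table names and values are constructed.

```sql
-- Constructed example; table names and values are illustrative only.
CREATE EXTENSION IF NOT EXISTS citext;
CREATE EXTENSION IF NOT EXISTS pgcrypto;  -- assumption: contrib module is installed

-- Weak form, as criticised in the thread: unsalted md5 of the password.
CREATE TABLE users_md5 (
    nick citext PRIMARY KEY,  -- compared case-insensitively
    pass text   NOT NULL      -- compared case-sensitively
);
INSERT INTO users_md5 VALUES
    ('larry', md5('correct horse')),
    ('Tom',   md5('correct horse'));

-- Without a salt, equal passwords produce equal hashes, so the column
-- reveals which accounts share a password.
SELECT count(DISTINCT pass) AS distinct_hashes FROM users_md5;

-- Salted form: crypt() with a fresh bcrypt salt per row from gen_salt().
CREATE TABLE users_bf (
    nick citext PRIMARY KEY,
    pass text   NOT NULL
);
INSERT INTO users_bf VALUES
    ('larry', crypt('correct horse', gen_salt('bf', 10))),
    ('Tom',   crypt('correct horse', gen_salt('bf', 10)));

-- Each row now carries its own salt, so the two hashes differ.
SELECT count(DISTINCT pass) AS distinct_hashes FROM users_bf;

-- Login check: citext matches the nick regardless of case, while the
-- candidate password is re-hashed with the salt embedded in the stored
-- value and compared as ordinary, case-sensitive text.
SELECT nick
FROM users_bf
WHERE nick = 'LARRY'
  AND pass = crypt('correct horse', pass);

-- The password itself stays case-sensitive: a differently cased
-- candidate hashes to a different value and does not match.
SELECT nick
FROM users_bf
WHERE nick = 'larry'
  AND pass = crypt('Correct Horse', pass);
```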