Authenticate with hash instead of plaintext password?
От | Murray Cumming |
---|---|
Тема | Authenticate with hash instead of plaintext password? |
Дата | |
Msg-id | 1355673270.18581.7.camel@murrayc-ThinkPad-X220 обсуждение исходный текст |
Ответы |
Re: Authenticate with hash instead of plaintext password?
|
Список | pgsql-general |
libpq lets me open a connection by specifying a password: http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS Is there any way to specify a hash of the password when connecting, instead of providing the password itself? My Web UI asks the user for a PostgreSQL username and password, and I want to avoid asking the user for the password again later, as long as they have the browser cookie that I set. I've looked at the source of phpPgAdmin, which should deal with the same issue, but that seems to store the plaintext password in the session, which might even mean that the plaintext password ends up on disk, though I don't know enough about PHP to be sure. I understand that libpq already sends only an MD5 hash to the PostgreSQL server, when it's configured to use MD5 authentication. But I don't want to have to provide a plaintext password to libpq. -- murrayc@murrayc.com www.murrayc.com www.openismus.com
В списке pgsql-general по дате отправления: