Re: [GENERAL] SHA1 on postgres 8.3
От | Magnus Hagander |
---|---|
Тема | Re: [GENERAL] SHA1 on postgres 8.3 |
Дата | |
Msg-id | 20080402174928.0e6d2f81@mha-laptop обсуждение исходный текст |
Ответ на | Re: [GENERAL] SHA1 on postgres 8.3 (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
Re: [GENERAL] SHA1 on postgres 8.3
Re: [GENERAL] SHA1 on postgres 8.3 |
Список | pgsql-hackers |
Tom Lane wrote: > "Greg Sabino Mullane" <greg@turnstep.com> writes: > > I don't agree that we should just close discussion. Nobody seems > > happy with the status quo, which is that we provide md5 but not > > sha1, > > There may be a few people who are unhappy, but the above claim seems > vastly overblown. md5 is sufficient for the purpose it is intended > for in core postgres (namely, obscuring the true source text of > passwords), and if you have needs much beyond that you'll soon be > installing pgcrypto anyway. I think that claim is completely incorrect. A lot of people use the md5() function in PostgreSQL today to hash the passwords for the users of whatever webbapp they are running. It only uses one account to connect to PostgreSQL and handles the rest of the auth elsewhere in the app. These users would like to have sha1 (and/or other securer hashes). And they would like it in -core, because their hosting company don't install the contrib modules. //Magnus
В списке pgsql-hackers по дате отправления: