Re: WIP: AuthenticationMD5 protocol documentation clarification

From Bruce Momjian
Subject Re: WIP: AuthenticationMD5 protocol documentation clarification
Date
Msg-id 201110140050.p9E0o5T21875@momjian.us
In response to Re: WIP: AuthenticationMD5 protocol documentation clarification  (Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>)
List pgsql-hackers
Heikki Linnakangas wrote:
> On 06.06.2011 16:58, Robert Haas wrote:
> > On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie<cyan.ogilvie@gmail.com>  wrote:
> >> This is my first patch, so I hope I've got the process right for submitting
> >> patches.
> >
> > You're doing great.  I suspect we do want to either (1) reword what
> > you've done in English, rather than writing it as code, or at least
> > (2) add some SGML markup to the code.  Our next CommitFest starts in
> > just over a week, so you should receive some more specific feedback
> > pretty soon.
>
> That is quite complicated to explain in plain English, so some sort of
> pseudo-code is probably a good idea. I would recommend not to formulate
> it as a SQL expression, though. It makes you think you could execute it
> from psql or something. Even if you know that's not how to do it, it
> feels confusing. Maybe something like:
>
> <literal>md5</literal> hex_encode(md5(hex_encode(md5(password username)
> salt)
>
> with some extra markup to make it look pretty.

I have applied the attached doc patch to document this.  Thanks for the
report --- it was something we certainly needed to document.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
new file mode 100644
index 19c9686..4fda518
*** a/doc/src/sgml/protocol.sgml
--- b/doc/src/sgml/protocol.sgml
***************
*** 293,302 ****
        <listitem>
         <para>
          The frontend must now send a PasswordMessage containing the
!         password encrypted via MD5, using the 4-character salt
!         specified in the AuthenticationMD5Password message.  If
!         this is the correct password, the server responds with an
!         AuthenticationOk, otherwise it responds with an ErrorResponse.
         </para>
        </listitem>
       </varlistentry>
--- 293,307 ----
        <listitem>
         <para>
          The frontend must now send a PasswordMessage containing the
!         password (with username) encrypted via MD5, then encrypted
!         again using the 4-byte random salt specified in the
!         AuthenticationMD5Password message.  If this is the correct
!         password, the server responds with an AuthenticationOk,
!         otherwise it responds with an ErrorResponse.  The actual
!         PasswordMessage can be computed in SQL as <literal>concat('md5',
!         md5(concat(md5(concat(password, username)), random-salt)))</>.
!         (Keep in mind the <function>md5()</> function returns its
!         result as a hex string.)
         </para>
        </listitem>
       </varlistentry>
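
Review bot: the SQL expression in the added text, `concat('md5', md5(concat(md5(concat(password, username)), random-salt)))`, cannot be run as written and blurs what the salt is. `random-salt` is not a valid SQL identifier, and the same paragraph describes the salt as 4 random bytes, which is binary data rather than a text value to hand to `concat()`. Heikki's reply upthread recommended not formulating this as a SQL expression; consider neutral pseudo-code that says the hex string of the inner MD5 is followed by the four raw salt bytes before the outer MD5 is taken. "Encrypted via MD5" in the first changed line would also be more accurate as "hashed", since MD5 is a digest function.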
