D'Arcy J.M. Cain wrote:
> On Sun, 12 Oct 2008 12:57:58 +0300
> "Marko Kreen" <markokr@gmail.com> wrote:
>> On 10/11/08, D'Arcy J.M. Cain <darcy@druid.net> wrote:
>>> + if (!random_initialized)
>>> + {
>>> + srandom((unsigned int) time(NULL));
>>> + random_initialized = true;
>>> + }
>> This is bad idea, postgres already does srandom()
>
> Is that new? I added that to my local version at one time because I
> was getting the same salt every time I ran it.
You really should not be using the standard random() function to generat
salts... You need a more secure one.
>>> + if ((result = (char *) palloc(16)) != NULL)
>>> + {
>>> + result[0] = ':';
>>> + strcpy(result + 1, password->password);
>>> + }
>> AFAIK palloc() cannot return NULL?
>
> Really? My program will simply come crashing down if there is a memory
> problem without giving me a chance to clean up?
It will do an ereport() call and clean things up. This is one of the
things that rock with using palloc ;-)
//Magnus