Discussion: MD5 use in PL/Perl

MD5 use in PL/Perl

From
Marc Rassbach
Date:
I'd like to be able to only store the database of usernames and passwords
here locally as a md5 hash.  (in case the black hats come to visit....I'd
like to make life hard for them)  Using AuthPG, I should be able to create
a SQL call to postgres....but there is no native md5 hashing function.

In my ideal blue-sky world....the SQL call would look like this:

SELECT name FROM Sample_table WHERE ( (userid='12345') AND
(userhashed=md5out('abc')) )

With the sample table looking like this:
Sample_table:
name    userid    userhashed
fred    12345     900150983cd24fb0d6963f7d28e17f72

I'd get the string 'fred' in name from Sample_table.


Idea 1)  A call to a shell script.    A question was asked back in 1999 if
there was a way to use a shell script in an SQL call.....that person had
no public responses.  Moved onto
Idea 2) use PL/Perl to take in the text to be hashed, and output the
hash.  Read the docs, looked on the list for more examples......


This perl code works as I'm expecting.
use MD5;
my $mdval = new MD5;
my $result ;
my $out;
$mdval->add('abc');
$result = $mdval->digest();
$out= unpack("H*" , $result );
print $out;

Attempting to xlate to PL/Perl

settle=# create function md5out3(varchar) returns varchar(32) as '
settle'# use MD5;
settle'# my $mdval = new MD5;
settle'# my $result ;
settle'# my $out;
settle'# $mdval->add($_[0]);
settle'# $result = $mdval->digest();
settle'# $out= unpack("H*" , $result );
settle'# return $out;'
settle-#  LANGUAGE 'plperl';
CREATE
settle=# select md5out3('fred');
ERROR:  creation of function failed : require trapped by operation mask at
(eval 6) line 2.


So.......

What did I do wrong WRT PL/Perl? (Let me guess....having perl call perl
modules causes breakage)  Should I be trying something different
to get to my desired end goal?




Re: MD5 use in PL/Perl

From
Alex Pilosov
Date:
On Thu, 28 Dec 2000, Marc Rassbach wrote:

> Idea 1)  A call to a shell script.    A question was asked back in 1999 if
> there was a way to use a shell script in an SQL call.....that person had
> no public responses.  Moved onto
> Idea 2) use PL/Perl to take in the text to be hashed, and output the
> hash.  Read the docs, looked on the list for more examples......
Nice try :) Good idea, however, you should take into account two things:
a) your functions run under "use Safe" and are very restricted as far as what
they could do
b) your function is _not_ a package, it is only a sub, and hence cannot
'use' anything.

A thing to try for you is:
a) change plperl, and where it does 'require Safe;' do 'use MD5; require
Safe;', recompile, etc.

b) change plperl and change permit_only(':default') to
permit_only(':default','require')

It MIGHT work. You might have to add more ops that MD5 code uses though...

Good luck :)

Actually, a thing to consider would be to have an 'untrusted' PL/perl
language in postgres with use Safe disabled, along with a 'trusted' one.
(pluntrustedperl? plunsafeperl?) Same could be done for pltcl...

Comments?


Re: MD5 use in PL/Perl

From
Tom Lane
Date:
Alex Pilosov <alex@pilosoft.com> writes:
> Actually, a thing to consider would be to have an 'untrusted' PL/perl
> language in postgres with use Safe disabled, along with a 'trusted' one.
> (pluntrustedperl? plunsafeperl?) Same could be done for pltcl...

Jan Wieck has already created an 'unsafe' pltcl variant for Pg 7.1.
I see no objection to making an unsafe plperl as well; who wants to
step up to the plate and do the work?

            regards, tom lane
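
The Safe restriction described in Alex Pilosov's reply can be reproduced outside PostgreSQL. The standalone script below is an added example, not code from the thread or from PL/Perl: it shows `use` being trapped under permit_only(':default') and, as an alternative to widening the mask, one host-compiled function being shared into the compartment. It assumes the core Digest::MD5 module in place of the old MD5 module, and the names md5out, new_compartment and run_restricted are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use Digest::MD5 qw(md5_hex);   # assumption: stands in for the old MD5 module

# Host-side helper, compiled outside the compartment, so the module is
# loaded by trusted code only (hypothetical name, after the post's md5out).
sub md5out { return md5_hex($_[0]) }

# Build a compartment with the operation mask quoted in the thread.
sub new_compartment {
    my $cpt = Safe->new;
    $cpt->permit_only(':default');
    return $cpt;
}

# Compile and run a code string in the compartment.
# Returns (result, error text); error text is empty on success.
sub run_restricted {
    my ($cpt, $code) = @_;
    my $result = $cpt->reval($code);
    my $err    = $@;
    return ($result, $err);
}

# 1) 'use' compiles to a require op, which the default mask rejects.
#    This is the failure shown in the original post.
my ($r1, $e1) = run_restricted(new_compartment(), q{ use Digest::MD5; 1 });
print "use inside compartment: ", ($e1 ? "blocked: $e1" : "allowed\n");

# 2) Share exactly one host function instead of permitting 'require'.
#    The mask is checked when restricted code is compiled, so calling
#    an already-compiled sub needs no extra ops.
my $cpt = new_compartment();
$cpt->share('&md5out');
my ($r2, $e2) = run_restricted($cpt, q{ md5out('abc') });
print "shared md5out('abc'): ", (defined $r2 ? $r2 : "failed: $e2"), "\n";

# 3) The same compartment still cannot load modules on its own.
my ($r3, $e3) = run_restricted($cpt, q{ require Digest::MD5; 1 });
print "require after sharing: ", ($e3 ? "still blocked\n" : "allowed\n");
```

Sharing a single function keeps the compartment's operation mask unchanged, so restricted code gains hashing without gaining the ability to load arbitrary modules.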