Обсуждение: db security (md5)
I wanted to use md5 authentication method for my pg db. I was initially using a trust method and I noticed when I switched to md5 I had to assign a password to the user postgres as it was created without one. Here do I pass an md5 encrypted string? Also everytime I connect via perl's DBI do I have to pass it the encrypted string (if so which perl module for md5 encryption is the best to use?) I was confused as to whether I should create the password encrypted or whether postgres saves it encrypted. Sally _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar � get it now! http://toolbar.msn.com/go/onm00200415ave/direct/01/
On Mon, 19 Apr 2004, Sally Sally wrote:
> I wanted to use md5 authentication method for my pg db. I was initially
> using a trust method and I noticed when I switched to md5 I had to assign a
> password to the user postgres as it was created without one. Here do I pass
> an md5 encrypted string? Also everytime I connect via perl's DBI do I have
> to pass it the encrypted string (if so which perl module for md5 encryption
> is the best to use?)
> I was confused as to whether I should create the password encrypted or
> whether postgres saves it encrypted.
> Sally
The md5 stuff should be handled by the database and the connection layer
invisibly to you. i.e. when I use php, if it's set to md5 auth, I just
use a connect string like this:
$connect = pg_connect("host=myserver name=bubba password=secretword");
and I'm in. Same goes for setting the password via psql or whatnot:
alter user test with password 'abc';
select * from pg_shadow;
(SNIP)
test | 103 (SNIP) | md5f7dc2e1937940bb8486274edc88cc3c5
"Sally Sally" <dedeb17@hotmail.com> wrote: > > I wanted to use md5 authentication method for my pg db. I was initially > using a trust method and I noticed when I switched to md5 I had to assign a > password to the user postgres as it was created without one. Here do I pass > an md5 encrypted string? No. md5 just refers to the way it's stored in pgsql. > Also everytime I connect via perl's DBI do I have > to pass it the encrypted string (if so which perl module for md5 encryption > is the best to use?) See above. > I was confused as to whether I should create the password encrypted or > whether postgres saves it encrypted. The latter. Jim