Обсуждение: How to interpret the salt sent in the AuthenticationMD5Password message from the server.
How to interpret the salt sent in the AuthenticationMD5Password message from the server.
От
PG Doc comments form
Дата:
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/12/protocol-message-types.html Description: I'm creating a postgresql client in gdscript (you can answer my question even if you don't know how to code in gdscript). To do this I use the postgresql protocol specification (https://www.postgresql.org/docs/current/protocol-flow.html) I managed to contact the server and it asks me for "AuthenticationMD5Password", but I cannot identify myself. I followed the procedure to generate the password described on the page but I get a server error. with this sql formula that I adapted in gdscript: concat('md5', md5(concat(md5(concat(password, username)), random-salt))) With "password" the value "test", "username" the value "test" and "random-salt" the value "98dec364". We obtain: md5936597c6b72ab2681ca01dca38b17da0 I get the following error: Message: password authentication failed for user "test" SQLSTATE code: 28P01 it seems to come from salt, is the format really an ascii string or an exadecimal string? I tried translating it to ascii and I get unprintable characters and the server still gives me the same error. In short, what is the format of the salt sent to the server? In the documentation it seems that the bytes are ascii characters but that doesn't work. Thank you in advance...
PG Doc comments form <noreply@postgresql.org> writes: > In short, what is the format of the salt sent to the server? I think you might have a conceptual error here. The salt is sent from the server to you, not the other way around. It's just four random bytes in the AuthenticationMD5Password message, which I'm pretty sure you should incorporate verbatim in your MD5 input. The bytes are just binary data, they're not ASCII or encoded in some way. regards, tom lane