Heikki Linnakangas wrote:
> On 06.06.2011 16:58, Robert Haas wrote:
> > On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie<cyan.ogilvie@gmail.com> wrote:
> >> This is my first patch, so I hope I've got the process right for submitting
> >> patches.
> >
> > You're doing great. I suspect we do want to either (1) reword what
> > you've done in English, rather than writing it as code, or at least
> > (2) add some SGML markup to the code. Our next CommitFest starts in
> > just over a week, so you should receive some more specific feedback
> > pretty soon.
>
> That is quite complicated to explain in plain English, so some sort of
> pseudo-code is probably a good idea. I would recommend not to formulate
> it as a SQL expression, though. It makes you think you could execute it
> from psql or something. Even if you know that's not how to do it, it
> feels confusing. Maybe something like:
>
> <literal>md5</literal> hex_encode(md5(hex_encode(md5(password username)
> salt)
>
> with some extra markup to make it look pretty.
I have applied the attached doc patch to document this. Thanks for the
report --- it was something we certainly needed to document.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
new file mode 100644
index 19c9686..4fda518
*** a/doc/src/sgml/protocol.sgml
--- b/doc/src/sgml/protocol.sgml
***************
*** 293,302 ****
<listitem>
<para>
The frontend must now send a PasswordMessage containing the
! password encrypted via MD5, using the 4-character salt
! specified in the AuthenticationMD5Password message. If
! this is the correct password, the server responds with an
! AuthenticationOk, otherwise it responds with an ErrorResponse.
</para>
</listitem>
</varlistentry>
--- 293,307 ----
<listitem>
<para>
The frontend must now send a PasswordMessage containing the
! password (with username) encrypted via MD5, then encrypted
! again using the 4-byte random salt specified in the
! AuthenticationMD5Password message. If this is the correct
! password, the server responds with an AuthenticationOk,
! otherwise it responds with an ErrorResponse. The actual
! PasswordMessage can be computed in SQL as <literal>concat('md5',
! md5(concat(md5(concat(password, username)), random-salt)))</>.
! (Keep in mind the <function>md5()</> function returns its
! result as a hex string.)
</para>
</listitem>
</varlistentry>