| From: | Tim Ellis <pvspam-postgres(at)hacklab(dot)net> |
|---|---|
| To: | Rob Abernethy IV <abernethy(at)dynedge(dot)com> |
| Cc: | postgresql <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Encrypted Passwords |
| Date: | 2003-01-13 20:11:13 |
| Message-ID: | 1042488673.23675.215.camel@timetop |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
> The problem
> is that Tomcat computes the digest without a salt and, therefore,
> authentication is failing because the two digested versions of the same
> password are different.
If there is not a feature within Tomcat to allow adding the username as
a salt to the MD5 hash, then Tomcat is broken. This is so common, I
cannot imagine any product bothering to implement MD5 hashing without
allowing a fairly generic salting API call.
Thankfully, Tomcat comes with source, so it can be fixed if, indeed, it
is broken.
Do not waste any energy trying to get Postgres to not salt the hash,
you'd be using energy ruining one product instead of fixing another.
--
Tim Ellis
Senior Database Architect
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurette Cisneros | 2003-01-13 20:45:49 | Re: crypto? |
| Previous Message | Tom Lane | 2003-01-13 20:10:39 | Re: Database logging.... Recycle server logs ??? |