Re: MD5-based passwords

> On Wed, Nov 07, 2001 at 12:27:53AM -0500, Bruce Momjian wrote:
> > > Hey folks,
> > >
> > > I don't see MD5-based password code in the JDBC CVS tree. Is anyone
> > > working on this?
> > >
> > > I'll take a stab, if not.
> >
> > There is no one working on it. ODBC needs it too. It wasn't on the
> > TODO list but I just added it.
> >
> > I can assist with any questions. See libpq for a sample implementation.
>
> OK, how about this? Someone will have to help me with appropriate exception
> behavior and where the bytesToHex util is placed.
>
> I'm not clear on the SendInteger(5 + .. code, seen elsewhere. Why isn't
> this (4 + ...?

I think the 5+ is correct. Looking at fe-auth.c, I see:

ret = pqPacketSend(conn, crypt_pwd, strlen(crypt_pwd) + 1);

and pqPacketSend() has:

if (pqPutInt(4 + len, 4, conn))

so I think it is the +1 and the +4 added together to make 5. If you
want to put 4+1+, that would be fine too and perhaps be clearer.

One more question. Have you tested this against a 7.2 backend to see if
it actually does MD5 encryption correctly?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026