Re: encrypted passwords

Tom Lane wrote:
> Hmm. I thought it *was* done, but it looks like Bruce forgot to change
> the actual guc.c value? The docs and postgresql.conf.sample claim the
> default is true...
>
> 2002-06-14 21:29 momjian
>
> * doc/src/sgml/runtime.sgml,
> src/backend/utils/misc/postgresql.conf.sample: Make encryption of
> stored passwords the default, as discussed months ago.
>
> Seem to be one file short on that commit ...

Fixed.

> > (3) (Related to 2b above) Shouldn't we reject an attempt by the user
> > to specify an un-encrypted password that matches the isMD5() test?
>
> No, see above. There are actually three cases here: entering a
> previously encrypted password (in which case do nothing to it regardless
> of the "encrypted" option), entering an uncrypted password with the
> "encrypted" option (apply MD5 transform), or entering an uncrypted
> password with the "unencrypted" option (do nothing).
>
> I suppose we could have instead invented an ALREADY_CRYPTED option
> instead, but we didn't, for reasons I don't recall at the moment;
> but I think it had something to do with making life easier for
> pg_dumpall.

I think there wasn't a reason to make the distinction because it could
be detected automatically, and an admin copying a password from
somewhere else could easily accidentally double-encrypt the password,
which then wouldn't work.

It also allowed auto-migration to encrypted passwords from an old dump
file.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073