Re: Authenticate with hash instead of plaintext password?

* Peter Bex (Peter(dot)Bex(at)xs4all(dot)nl) wrote:
> I could try my hand at providing a patch to switch to, say, bcrypt,
> but I'm pretty unfamiliar with the PostgreSQL source code. If
> nobody else is interested in working on it I can give it a try
> during the holidays.

The code, in general, is very clean. The issues you're going to run
into are questions about protocol support (the hash, in some ways, is
currently part of our PG protocol and so changing that would be a break
in the protocol which would be frowned upon greatly...) and making sure
that things don't break internally. Note that not everything uses libpq
to talk to PG (the JDBC driver, for example, has a completely seperate
implementation of the protocol, as I recall). You'll also need to
address the upgrade path.

If this is implemented as an optional capability, that's more likely to
be acceptable but at the same time might not really 'fix' things.

I, for one, would love to see some work done in this area and would be
happy to help you with any questions you have regarding the code.

> I'm not sure how to deal with the md5 authentication method.
> There is a good point in the -hackers thread above that eavesdroppers
> are probably able to hijack existing connections, but there's no reason
> to take any risks.

We do support SSL also, of course, and we do encourage people to use it
whenever possible and definitely if going across untrusted networks.

Thanks,

Stephen