Re: MD5-based passwords

From: Barry Lind <barry(at)xythos(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Ned Wolpert <wolpert(at)yahoo(dot)com>, psql-jdbc <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: MD5-based passwords
Date: 2001-11-09 03:31:23
Message-ID: 3BEB4E0B.7000109@xythos.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

Tom,

I agree with your comments. Especially now that the revised patch moves
most of the logic out into a separate class, there is little risk that
anything other than MD5 authentication will be impacted.

I intend to apply this MD5 patch tomorrow, unless anyone objects.

thanks,
--Barry

Tom Lane wrote:

> Ned Wolpert <wolpert(at)yahoo(dot)com> writes:
>
>>Well, if we're talking about 7.2 versus 7.3, I'd rather see them in the
>>7.2 release. If, however, we're talking about 7.2 version 7.2.x, then
>>we may want to wait until 7.2.x.
>>
>
> Standard procedure for the Postgres project has always been that
> dot-releases contain no new features, only bug-fixes (and, usually,
> only fairly critical ones).
>
> I think that it's okay to add the jdbc MD5 password code now; we can
> call it a bug fix on either of two grounds:
>
> (a) if you stand back far enough that jdbc is indistinguishable
> from the rest of the system, then this is arguably
> completion of an existing feature, not adding a new one.
>
> (b) in any case, JDBC users will certainly see it as a bug
> if everyone but them can use MD5 passwords.
>
> Also, if the code proves to have bugs, what's the downside? Only that
> JDBC users will be unable to use MD5 passwords; but that will certainly
> be true if we don't try. So I think I'd go for it.
>
> On the other hand, some of the other stuff Dave mentioned sounded like
> whole new features, and since we are in beta now I think the "no new
> features during beta" rule ought to apply.
>
> Just my $0.02 ...
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
>

In response to

Browse pgsql-jdbc by date

  From Date Subject
Next Message Barry Lind 2001-11-09 03:46:36 Re: MD5-based passwords
Previous Message Barry Lind 2001-11-09 03:27:18 Re: [HACKERS] MD5-based passwords