| From: | Berend Tober <btober(at)seaworthysys(dot)com> |
|---|---|
| To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
| Cc: | Eugene Prokopiev <prokopiev(at)stc(dot)donpac(dot)ru>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How to read cleartext user password from pgsql database |
| Date: | 2006-07-14 12:27:59 |
| Message-ID: | 44B78DCF.2090406@seaworthysys.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Martijn van Oosterhout wrote:
> On Fri, Jul 14, 2006 at 03:21:01PM +0400, Eugene Prokopiev wrote:
>>Is it possible to read cleartext user password from pgsql database? In
>>this link
>>http://www.postgresql.org/docs/8.1/interactive/view-pg-user.html
>>explained that password always reads as ********. But I need to use
>>pgsql login/password as authentication info for another service.
>
> You can't get back the cleartext password, it's hashed.
> To see the hashed password you need to bypass the view, see pg_shadow.
> The docs should say something about how the hash is calcualted.
From advice of some previous thread, I developed the following function
to help me remember the password hash:
CREATE OR REPLACE FUNCTION public.authenticate_user(name, name)
RETURNS bool AS
'
DECLARE
ls_usename ALIAS FOR $1;
ls_passwd ALIAS FOR $2;
BEGIN
RETURN EXISTS(SELECT 1 FROM pg_shadow WHERE
''md5''||encode(digest(ls_passwd||ls_usename , ''md5''), ''hex'') = passwd);
END;'
LANGUAGE 'plpgsql' VOLATILE;
So, you can see that pg_shadow.passwd stores the md5 hash of the
concatinated plaintext password and username.
Regards,
Berend Tober
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christian Rengstl | 2006-07-14 12:29:54 | Problem with archive_command |
| Previous Message | Martijn van Oosterhout | 2006-07-14 12:13:22 | Re: How to read cleartext user password from pgsql database |