From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | "D'Arcy J(dot)M(dot) Cain" <darcy(at)druid(dot)net> |
Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: The Axe list |
Date: | 2008-10-12 16:36:38 |
Message-ID: | 48F22796.9070908@hagander.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
D'Arcy J.M. Cain wrote:
> On Sun, 12 Oct 2008 12:57:58 +0300
> "Marko Kreen" <markokr(at)gmail(dot)com> wrote:
>> On 10/11/08, D'Arcy J.M. Cain <darcy(at)druid(dot)net> wrote:
>>> + if (!random_initialized)
>>> + {
>>> + srandom((unsigned int) time(NULL));
>>> + random_initialized = true;
>>> + }
>> This is bad idea, postgres already does srandom()
>
> Is that new? I added that to my local version at one time because I
> was getting the same salt every time I ran it.
You really should not be using the standard random() function to generat
salts... You need a more secure one.
>>> + if ((result = (char *) palloc(16)) != NULL)
>>> + {
>>> + result[0] = ':';
>>> + strcpy(result + 1, password->password);
>>> + }
>> AFAIK palloc() cannot return NULL?
>
> Really? My program will simply come crashing down if there is a memory
> problem without giving me a chance to clean up?
It will do an ereport() call and clean things up. This is one of the
things that rock with using palloc ;-)
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2008-10-12 17:31:00 | Re: Updates of SE-PostgreSQL 8.4devel patches - Patent problems? |
Previous Message | Tom Lane | 2008-10-12 15:58:23 | Re: The Axe list |