From: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk> |
---|---|
To: | "Martijn van Oosterhout" <kleptog(at)svana(dot)org> |
Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, <pgsql-hackers(at)postgresql(dot)org>, "Andreas Pflug" <pgadmin(at)pse-consulting(dot)de> |
Subject: | Re: [pgadmin-hackers] Client-side password encryption |
Date: | 2005-12-19 10:32:03 |
Message-ID: | E7F85A1B5FF8D44C8A1AF6885BC9A0E4E7EAC6@ratbert.vale-housing.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> -----Original Message-----
> From: Martijn van Oosterhout [mailto:kleptog(at)svana(dot)org]
> Sent: 19 December 2005 09:38
> To: Dave Page
> Cc: Tom Lane; Christopher Kings-Lynne; Peter Eisentraut;
> pgsql-hackers(at)postgresql(dot)org; Andreas Pflug
> Subject: Re: [HACKERS] [pgadmin-hackers] Client-side password
> encryption
>
> On Mon, Dec 19, 2005 at 09:16:19AM -0000, Dave Page wrote:
> > > > > Something like
> > > > > char *pg_gen_encrypted_passwd(const char *passwd, const
> > > > > char *user)
> > > > > with malloc'd result (or NULL on failure) seems more
> future-proof.
>
> > > If programs are really worried about it, they should lookup the
> > > function dynamically rather than statically...
> >
> > For the sake of a simple name change?
>
> The function as stated above doesn't exist yet, so we're adding a new
> function, not changing the name of one. The function that started the
> thread is not even exported by libpq so changing that shouldn't affect
> anybody. Besides, this whole discussion is moot until someone writes
> such a function.
You missunderstand me - we were asked to start using the function in
third party apps and I pointed out that it wasn't exported so we
couldn't. Tom suggested exporting an API friendly version.
As for the name, I meant the DLL name, not the function name.
> As for Windows DLL hell, I don't know a lot about that, but if that's
> such a problem, why didn't the original creators of the windows port
> stick the version number in there from the start. On UNIX, libpq is
> half versioned (the library is, but not the symbols) so I would have
> thought copying that idea would have been obvious.
Because we simply didn't think of it at the time, and it's something
that has irked me ever since.
Regards, Dave.
From | Date | Subject | |
---|---|---|---|
Next Message | Martijn van Oosterhout | 2005-12-19 10:42:00 | Re: [pgadmin-hackers] Client-side password encryption |
Previous Message | Martijn van Oosterhout | 2005-12-19 09:37:36 | Re: [pgadmin-hackers] Client-side password encryption |