Eyedia Tech <eyedia@debjyoti.com> writes:
> To replicate use this:
> create table "user" (uname text, password chkpass);
> insert into "user" values ('user1', 'password')
> select * from "user" where uname = 'user1' and password = 'password1'
That would depend on the behavior of your local version of crypt(3),
but historically, that library function uses only the first eight
characters of the password, which explains this example.
> This is a major issue.
We're not going to treat it as such. It's clearly documented, see
https://www.postgresql.org/docs/current/static/chkpass.html
FWIW, chkpass is deprecated and has been removed entirely as of PG 11.
It has a lot of design problems above and beyond its reliance on a
40-year-old encryption spec.
regards, tom lane