Home > mailing lists

BUG #1134: ALTER USER ... RENAME breaks md5 passwords - Mailing list pgsql-bugs

From	PostgreSQL Bugs List
Subject	BUG #1134: ALTER USER ... RENAME breaks md5 passwords
Date	April 18, 2004 09:52:08
Msg-id	20040418095204.4D0E6CF5628@www.postgresql.com Whole thread Raw
List	pgsql-bugs

Tree view

The following bug has been logged online:

Bug reference:      1134
Logged by:          Fabien COELHO

Email address:      coelho@cri.ensmp.fr

PostgreSQL version: 7.5 Dev

Operating system:   any

Description:        ALTER USER ... RENAME breaks md5 passwords

Details:

If you rename a user with a md5 password, the
password is broken. md5 passwords are the default,
so it means that renaming a user with a password
does not work by default.

This is because the username is used implicitly as salt. This was a bad idea
(tm).

Fixing this has implications on the client/server
protocol for md5 authentication. If you're going
to fix it some day, consider also adding more
characters to the server nonce used in the protocol.

pgsql-bugs by date:

From: Tom Lane
Date: 16 April 2004, 14:09:39
Subject: Re: [7.4.2] Still "variable not found in subplan target lists"

From: Andreas Pflug
Date: 18 April 2004, 10:50:17
Subject: Re: [7.4.2] Still "variable not found in subplan target lists"

BUG #1134: ALTER USER ... RENAME breaks md5 passwords - Mailing list pgsql-bugs

Previous

Next