Home > mailing lists

Re: Modern SHA2- based password hashes for pgcrypto - Mailing list pgsql-hackers

From	Bernd Helmle
Subject	Re: Modern SHA2- based password hashes for pgcrypto
Date	April 7 14:48:49
Msg-id	6fab35422df6b6b9727fdcc243c5fa1c667dd3b5.camel@oopsware.de Whole thread Raw
In response to	Re: Modern SHA2- based password hashes for pgcrypto (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Modern SHA2- based password hashes for pgcrypto
List	pgsql-hackers

Tree view

Am Sonntag, dem 06.04.2025 um 15:43 -0400 schrieb Tom Lane:
> I'd be more comfortable with a check like
>
>     if (strchr("...valid chars...", *ep) != NULL)
>
> It looks like "_crypt_itoa64" might be directly usable as the
> valid-chars string, too.  (BTW, why is _crypt_itoa64 not
> marked const?)

Here is a patch that tries to address all these issues (including
Andres' report). I've adjusted the error message and use ereport(), so
it might be more useful if we deal with not just single byte letters.

I've also changed _crypt_itoa64 from unsigned char to char, since this
seems what strchr() expects (at least on my machine) and we don't deal
specifically elsewhere with that.


Thanks,
    Bernd

Attachment

0001-Follow-up-fixes-for-commit-749a9e20c9790006f3af47f7a.patch

pgsql-hackers by date:

From: Ashutosh Bapat
Date: 07 April, 14:33:30
Subject: Re: [PATCH] clarify palloc comment on quote_literal_cstr

From: wenhui qiu
Date: 07 April, 15:02:04
Subject: Re: An incorrect check in get_memoize_path

Re: Modern SHA2- based password hashes for pgcrypto - Mailing list pgsql-hackers

Attachment

Previous

Next