Re: crypt function crash on postgresql 9.3.20 and 10 - Mailing list pgsql-bugs

From David G. Johnston
Subject Re: crypt function crash on postgresql 9.3.20 and 10
Date
Msg-id CAKFQuwba1Ph4LAXqgc0tCY0dkxtAQ7P=rCrMY_CCt6D9r3DW3g@mail.gmail.com
In response to Re: crypt function crash on postgresql 9.3.20 and 10  (Francisco Olarte <folarte@peoplecall.com>)
List pgsql-bugs
On Fri, Feb 2, 2018 at 7:38 AM, Francisco Olarte <folarte@peoplecall.com> wrote:
Seems more like pilot error than a bug....

On Fri, Feb 2, 2018 at 2:11 PM, Михаил Манерко <asper@tagan.ru> wrote:
> If you send an asterisk in the crypt function, the function crashes.
> example
>
> i=# select crypt('123','*');
> ОШИБКА:  invalid salt
> i=#

It does not crash,

A crash either kills the server or at least drops your connection to the database.  All this did was indicate invalid data (because you didn't use the API correctly) and put you back at a psql prompt.

it just rejects your salt as invalid, probably
because it is ( does not look right to me, but I'm not in the mood for
fully checking that ).

Well "The salt string also tells crypt() which algorithm to use." and "They use a random value, called the salt" - "*" looks like you are trying to specify a specific salt value, which is not allowed.

TFM states 'Calculates a crypt(3)-style hash of password. When storing
a new password, you need to use gen_salt() to generate a new salt
value. To check a password, pass the stored hash value as salt, and
test whether the result matches the stored value.'

Maybe someone could add:

HINT:  use gen_salt() to generate the salt

to the code, though given that the "salt" argument also accepts a hashed password as input maybe complicates this.

David J.
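
The usage quoted from the manual in this message, next to the call from the report, as an added example that is not part of the original thread. The table `app_user` and its columns are hypothetical, and the `bf` algorithm with an iteration count of 8 is an assumed choice.

```sql
-- Added example; app_user, login and pswhash are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE app_user (
    login   text PRIMARY KEY,
    pswhash text NOT NULL
);

-- Storing a new password: gen_salt() produces a fresh random salt whose
-- prefix also tells crypt() which algorithm to use (assumed here: 'bf').
INSERT INTO app_user (login, pswhash)
VALUES ('alice', crypt('123', gen_salt('bf', 8)));

-- Checking a password: pass the stored hash as the salt argument and
-- compare the result with the stored value.
SELECT login,
       pswhash = crypt('123', pswhash) AS pswmatch
FROM   app_user
WHERE  login = 'alice';

-- The same check with a different candidate password; only the first
-- argument changes, the stored hash is still the salt.
SELECT login,
       pswhash = crypt('not-the-password', pswhash) AS pswmatch
FROM   app_user
WHERE  login = 'alice';

-- The call from the report: '*' is neither gen_salt() output nor a stored
-- hash. The resulting error is an ordinary SQL error, so it can be trapped
-- and the session carries on.
DO $$
BEGIN
    PERFORM crypt('123', '*');
EXCEPTION WHEN OTHERS THEN
    RAISE NOTICE 'crypt() rejected the salt: %', SQLERRM;
END
$$;
```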
