Re: chkpass Major Issue - compares 'contains' and not 'equal' - Mailing list pgsql-bugs

From David G. Johnston
Subject Re: chkpass Major Issue - compares 'contains' and not 'equal'
Msg-id CAKFQuwbkHkCjbg+BtLg-7P+D1Ma=Yn6N=POc+jCjLGdTU3iozg@mail.gmail.com
In response to chkpass Major Issue - compares 'contains' and not 'equal'  (Eyedia Tech <eyedia@debjyoti.com>)
Responses Re: chkpass Major Issue - compares 'contains' and not 'equal'  (D'Arcy Cain <darcy@druid.net>)
List pgsql-bugs
On Thursday, June 7, 2018, Eyedia Tech <eyedia@debjyoti.com> wrote:
To replicate use this:

create table "user" (uname text, password chkpass);
insert into "user" values ('user1', 'password');
select * from "user" where uname = 'user1' and password = 'password1';

This is a major issue.

It is also a documented limitation.

The encryption uses the standard Unix function crypt(), and so it suffers from all the usual limitations of that function; notably that only the first eight characters of a password are considered.


At this point I'd consider its presence here for backward compatibility only and as such the behavior is not something that is likely to be changed.

David J.
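
The eight-character limit quoted above can be observed without chkpass by hashing with the pgcrypto extension. The following is an added example, not part of the original message: it assumes pgcrypto is installed, and the `demo_user` table and its contents are constructed. In pgcrypto, `gen_salt('des')` selects traditional DES-based crypt, which considers only the first 8 characters of a password, while `gen_salt('bf')` selects bcrypt, which considers up to 72.

```sql
-- Added example; assumes the pgcrypto contrib extension is available.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Constructed sample data: the same password stored under two schemes.
CREATE TEMP TABLE demo_user (
    uname    text PRIMARY KEY,
    des_hash text NOT NULL,  -- traditional DES crypt (8-character limit)
    bf_hash  text NOT NULL   -- bcrypt (72-character limit)
);

INSERT INTO demo_user
VALUES ('user1',
        crypt('password', gen_salt('des')),
        crypt('password', gen_salt('bf')));

-- Check several candidate inputs against both stored hashes.
-- crypt(candidate, stored_hash) reuses the algorithm and salt that are
-- embedded in stored_hash, so equality means "this input is accepted".
SELECT c.candidate,
       u.des_hash = crypt(c.candidate, u.des_hash) AS des_accepts,
       u.bf_hash  = crypt(c.candidate, u.bf_hash)  AS bf_accepts
FROM demo_user AS u
CROSS JOIN (VALUES ('password'),      -- the stored password
                   ('password1'),     -- the input from the report above
                   ('passwordXYZ'),   -- same first 8 characters, longer tail
                   ('passwor')        -- only 7 characters
           ) AS c(candidate)
WHERE u.uname = 'user1'
ORDER BY c.candidate;
```

Comparing the `des_accepts` and `bf_accepts` columns row by row shows which inputs are told apart only by characters after the eighth.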
