Postgres Pro
Downloads
Home   >   mailing lists

Thread: BUG #1905: When a column with the chkpass datatype is used in a where clause it returns invalid results

BUG #1905: When a column with the chkpass datatype is used in a where clause it returns invalid results

From
"Trevor Tingey"
Date:
The following bug has been logged online:

Bug reference:      1905
Logged by:          Trevor Tingey
Email address:      ttingey@gmail.com
PostgreSQL version: 8.1 beta 2
Operating system:   Windows XP Home Edition SP 2
Description:        When a column with the chkpass datatype is used in a
where clause it returns invalid results
Details:

My schema is as follows:

CREATE TABLE account
(
  "AccountId" int4 NOT NULL DEFAULT
nextval('public."account_AccountId_seq"'::text),
  "AccountName" varchar(255) NOT NULL,
  "Password" chkpass,
  "Description" varchar(255),
  CONSTRAINT account_pkey PRIMARY KEY ("AccountId"),
  CONSTRAINT "account_Username_key" UNIQUE ("AccountName")
)
WITHOUT OIDS;


I ran the following queries and got unexpected results:

UPDATE Account
SET "Password" = 'password1'
WHERE "AccountName" = 'Trevor'

SELECT *
FROM Account
WHERE "AccountName" = 'Trevor'
AND "Password" = 'password2'

(I ran them individually)

The Select query unexpectedly returned a result. I also  added another digit
on the end of 'password2' i.e. 'password21' and that returned the same
result. I also changed it to 'password3' etc. and got the same result and
the same with 'password'. When I changed it to 'passwor1' it did not return
a result.

Running SELECT * FROM Account returns two rows, one with the accountname of
'administrator' and the other 'Trevor'.

Re: BUG #1905: When a column with the chkpass datatype is used in a where clause it returns invalid results

From
Tom Lane
Date:
"Trevor Tingey" <ttingey@gmail.com> writes:
> I ran the following queries and got unexpected results:

> UPDATE Account
> SET "Password" = 'password1'
> WHERE "AccountName" = 'Trevor'

> SELECT *
> FROM Account
> WHERE "AccountName" = 'Trevor'
> AND "Password" = 'password2'

> (I ran them individually)

> The Select query unexpectedly returned a result.

This is not a bug --- chkpass limits passwords to 8 significant
characters, so the above two values are in fact equal so far as
the datatype is concerned.

(The documentation probably ought to point that out...)

            regards, tom lane