Postgres Pro
Downloads
Home   >   mailing lists

Thread: db security (md5)

db security (md5)

From
"Sally Sally"
Date:
I wanted to use md5 authentication method for my pg db. I was initially
using a trust method and I noticed when I switched to md5 I had to assign a
password to the user postgres as it was created without one. Here do I pass
an md5 encrypted string? Also everytime I connect via perl's DBI do I have
to pass it the encrypted string (if so which perl module for md5 encryption
is the best to use?)
I was confused as to whether I should create the password encrypted or
whether postgres saves it encrypted.
Sally

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar � get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/

Re: db security (md5)

From
"scott.marlowe"
Date:
On Mon, 19 Apr 2004, Sally Sally wrote:

> I wanted to use md5 authentication method for my pg db. I was initially
> using a trust method and I noticed when I switched to md5 I had to assign a
> password to the user postgres as it was created without one. Here do I pass
> an md5 encrypted string? Also everytime I connect via perl's DBI do I have
> to pass it the encrypted string (if so which perl module for md5 encryption
> is the best to use?)
> I was confused as to whether I should create the password encrypted or
> whether postgres saves it encrypted.
> Sally

The md5 stuff should be handled by the database and the connection layer
invisibly to you.  i.e. when I use php, if it's set to md5 auth, I just
use a connect string like this:

$connect = pg_connect("host=myserver name=bubba password=secretword");

and I'm in.  Same goes for setting the password via psql or whatnot:

alter user test with password 'abc';
select * from pg_shadow;
(SNIP)
test     |      103 (SNIP) | md5f7dc2e1937940bb8486274edc88cc3c5

Re: db security (md5)

From
jseymour@LinxNet.com (Jim Seymour)
Date:
"Sally Sally" <dedeb17@hotmail.com> wrote:
>
> I wanted to use md5 authentication method for my pg db. I was initially
> using a trust method and I noticed when I switched to md5 I had to assign a
> password to the user postgres as it was created without one. Here do I pass
> an md5 encrypted string?

No.  md5 just refers to the way it's stored in pgsql.

>                          Also everytime I connect via perl's DBI do I have
> to pass it the encrypted string (if so which perl module for md5 encryption
> is the best to use?)

See above.

> I was confused as to whether I should create the password encrypted or
> whether postgres saves it encrypted.

The latter.

Jim