removal of md5 from example code
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/10/static/citext.html
Description:
The documentation at
https://www.postgresql.org/docs/current/static/citext.html shows an example
using md5 for password hashes. This is generally a bad practice and not
relevant to the feature documented.
I recommend removing the password column from this example or replacing the
md5 hash with something more secure (a secure hash algorithm with a salt).
On 1/17/18 11:14, PG Doc comments form wrote:
The documentation at
https://www.postgresql.org/docs/current/static/citext.html shows an example
using md5 for password hashes. This is generally a bad practice and not
relevant to the feature documented.
I recommend removing the password column from this example or replacing the
md5 hash with something more secure (a secure hash algorithm with a salt).
We don't have any other hash functions built in and exposed at the SQL
level. (Maybe that is a problem.) Do you have any other ideas how to
rewrite that example?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
I think I get it, now.
Is the reason for including the `pass` in the example so that the
documentation can demonstrate `citext` alongside case-sensitive text?
If so, I struggle to come up with anything more obvious than a password
hash for a case where case-sensitive comparison of text is necessary. The
only other thing that comes to mind is an external system identifier like a
Salesforce object id of a user. That would not be as universally obvious an
example of case-sensitivity to all PostgreSQL users.
On Tue, Jan 30, 2018 at 10:02 PM, Peter Eisentraut <
peter.eisentraut@2ndquadrant.com> wrote:
On 1/17/18 11:14, PG Doc comments form wrote:
The documentation at
https://www.postgresql.org/docs/current/static/citext.html shows an example
using md5 for password hashes. This is generally a bad practice and not
relevant to the feature documented.
I recommend removing the password column from this example or replacing the
md5 hash with something more secure (a secure hash algorithm with a salt).
We don't have any other hash functions built in and exposed at the SQL
level. (Maybe that is a problem.) Do you have any other ideas how to
rewrite that example?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
On 1/17/18 11:14, PG Doc comments form wrote:
The documentation at
https://www.postgresql.org/docs/current/static/citext.html shows an example
using md5 for password hashes. This is generally a bad practice and not
relevant to the feature documented.
I recommend removing the password column from this example or replacing the
md5 hash with something more secure (a secure hash algorithm with a salt).
This has been fixed in the master branch.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
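
One way to keep the case-insensitive `nick` and case-sensitive `pass` contrast discussed in this thread while storing a salted hash, as an added example (not the PostgreSQL documentation's code and not the change committed to master). It assumes the `pgcrypto` contrib extension is available next to `citext`; the table layout, nicknames and passwords are constructed.

```sql
-- Added example; assumes the citext and pgcrypto contrib extensions can be installed.
CREATE EXTENSION IF NOT EXISTS citext;
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE users (
    nick citext PRIMARY KEY,  -- compared case-insensitively
    pass text   NOT NULL      -- salted bcrypt string, compared case-sensitively
);

-- gen_salt('bf', 12) draws a fresh random salt for every row and selects
-- bcrypt with a cost factor of 12. crypt() stores algorithm, cost and salt
-- inside the resulting string, so no separate salt column is needed.
INSERT INTO users (nick, pass) VALUES
    ('larry', crypt('constructed-password-1', gen_salt('bf', 12))),
    ('Tom',   crypt('constructed-password-2', gen_salt('bf', 12)));

-- Login check. The nick is matched through citext, so 'LARRY' finds the
-- row stored as 'larry'. The candidate password is re-hashed with the
-- parameters embedded in the stored value and compared as plain text.
SELECT nick
FROM users
WHERE nick = 'LARRY'
  AND pass = crypt('constructed-password-1', pass);

-- Same nick, password differing only in letter case: the bcrypt output
-- differs, so the text comparison on pass does not match.
SELECT nick
FROM users
WHERE nick = 'larry'
  AND pass = crypt('Constructed-Password-1', pass);

-- The citext primary key treats 'LARRY' and 'larry' as the same key;
-- ON CONFLICT turns the collision into a no-op instead of an error.
INSERT INTO users (nick, pass)
VALUES ('LARRY', crypt('constructed-password-3', gen_salt('bf', 12)))
ON CONFLICT (nick) DO NOTHING;
```

Hashing inside SQL means the plaintext password travels in the statement text, so it can end up in server logs when statement logging is enabled; hashing in the application before the query avoids that.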