db security (md5)

On Mon, 19 Apr 2004, Sally Sally wrote:

I wanted to use md5 authentication method for my pg db. I was initially
using a trust method and I noticed when I switched to md5 I had to assign a
password to the user postgres as it was created without one. Here do I pass
an md5 encrypted string? Also everytime I connect via perl's DBI do I have
to pass it the encrypted string (if so which perl module for md5 encryption
is the best to use?)
I was confused as to whether I should create the password encrypted or
whether postgres saves it encrypted.
Sally

The md5 stuff should be handled by the database and the connection layer
invisibly to you. i.e. when I use php, if it's set to md5 auth, I just
use a connect string like this:

$connect = pg_connect("host=myserver name=bubba password=secretword");

and I'm in. Same goes for setting the password via psql or whatnot:

alter user test with password 'abc';
select * from pg_shadow;
(SNIP)
test | 103 (SNIP) | md5f7dc2e1937940bb8486274edc88cc3c5

"Sally Sally" <dedeb17@hotmail.com> wrote:

I wanted to use md5 authentication method for my pg db. I was initially
using a trust method and I noticed when I switched to md5 I had to assign a
password to the user postgres as it was created without one. Here do I pass
an md5 encrypted string?

No. md5 just refers to the way it's stored in pgsql.

Also everytime I connect via perl's DBI do I have
to pass it the encrypted string (if so which perl module for md5 encryption
is the best to use?)

See above.

I was confused as to whether I should create the password encrypted or
whether postgres saves it encrypted.

The latter.

Jim