PostgreSQL md5 connection question

iges

Hi,

server is running rh, postgresql 7.4 and apache 2.0.48 and php 4.3.4.

I have configured postgresql.conf to enable tcp/ip connections on default port 5432 and also password encryption so that user passwords are saved in pg_shadow as md5 hashes. The pga_hba.conf is like

host mydb 192.168.123.0 255.255.255.0 md5

Now i know that md5 hashes in postgresql pg_shadow table are saved like

'md5'.md5($password.$user)

When connecting to db like

$connstr = "dbname=mydb user=iges password=test";
$pgc = pg_connect($connstr);

connection is ok, but when replacing the password part in connection string like

$pass= "md5".md5('testiges');
$connstr = "dbname=mydb user=iges password=$pass";

the connection auth fails, but when checking the hashes made in php and the one in pg_shadow they are identical?!

When md5 auth is set in pg_hba.conf and password encryption in postgresql.conf, do I really need to do md5() in the connection string to avoid sending plain passwords or does postgresql makes it automatically?

Educational explainations highly welcomed 🆒

regards,
iges

Sxooter

Postgresql's libpq, which PHP is using to connect to postgresql, does it automagically.

You're safe.

iges

Regards,
iges