D'Arcy J.M. Cain wrote:
> On Sun, 12 Oct 2008 12:57:58 +0300
> "Marko Kreen" <[EMAIL PROTECTED]> wrote:
>> On 10/11/08, D'Arcy J.M. Cain <[EMAIL PROTECTED]> wrote:
>>> + if (!random_initialized)
>>> + {
>>> + srandom((unsigned int) time(NULL));
>>> + random_initialized = true;
>>> + }
>> This is bad idea, postgres already does srandom()
>
> Is that new? I added that to my local version at one time because I
> was getting the same salt every time I ran it.
You really should not be using the standard random() function to generat
salts... You need a more secure one.
>>> + if ((result = (char *) palloc(16)) != NULL)
>>> + {
>>> + result[0] = ':';
>>> + strcpy(result + 1, password->password);
>>> + }
>> AFAIK palloc() cannot return NULL?
>
> Really? My program will simply come crashing down if there is a memory
> problem without giving me a chance to clean up?
It will do an ereport() call and clean things up. This is one of the
things that rock with using palloc ;-)
//Magnus
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
