Databases
StackOverflow2013
Postsdbo
POPure-ftpd and Postgreql Auth with password salt
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POPure-ftpd and Postgreql Auth with password salt
    text
    copied!<p>I've recently begun the task of setting up an PureFTP server. At work we use Postgresql 8.4. The schema essentially boils down to,</p> <pre><code>username text password character(40) password_salt text </code></pre> <p>The <code>password</code> is stored as hash of <code>sha1( password + salt )</code>. Using Postgresql's pgcrypto I can supply a <code>username</code>, and <code>password</code> and find out if the user has auth:</p> <pre><code>SELECT encode( digest( $password ||password_salt, 'sha1' ), 'hex' ) = password AS password_correct , username , password , password_salt FROM contact.person; </code></pre> <p>Now the issue that I'm having is that such a function would require me getting the password into the query. This doesn't seem possible with Pureftp's current implementation of auth-postgresql. It only supports providing:</p> <pre><code>\L is replaced by the login of a user trying to authenticate. \I is replaced by the IP address the client connected to. \P is replaced by the port number the client connected to. \R is replaced by the remote IP address the client connected from. \D is replaced by the remote IPv4 address, as a long decimal number. </code></pre> <p>Is there another way I can do this? I either need to get the password into the query, or get the salt and password out and find another way to write the code in Pureftp.</p> <p>Obviously, I have another option of writing a <a href="http://download.pureftpd.org/pub/pure-ftpd/doc/README.Authentication-Modules" rel="nofollow">custom authentication module</a>, but I would think this basic salting would be supported by the pg module.</p> <h2>References</h2> <ul> <li><a href="http://download.pureftpd.org/pub/pure-ftpd/doc/README.PGSQL" rel="nofollow">Pure FTPd's Postgresql-auth docs</a></li> <li><a href="http://www.postgresql.org/docs/8.4/static/pgcrypto.html" rel="nofollow">Postgresql 8.4's pgcrypto</a></li> </ul>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload