in python I can connect a PostgreSQL database with the following code:
db = postgresql.open(“pq://$user:$pass@$host:$port/$dbname”)
But in the above line I have to enter the plaintext password and then py-postgresql will hash it to compare with the hash value stored in PostgreSQL database. If I want to use the password hashed by MD5 by myself, which means I don’t want py-postgresql to do the hashing for me. How can I do it? I tried to modify the source code of py-postgresql, but I couldn’t find where is the hashing happens. Then I find the in the settings of py-postgresql I can enable SSL-mode. Can someone give me a simple example about how to set it?
Kind regards.
The way DB-API works is by supplying the plaintext password. Furthermore,
py-postgresqldoes not do the password hashing/verification, the server does it as part of the connection handshake (seepg_hba.confas to how/why it does it).If you are looking at securing the transmission of the password, use the
SSLconnection protocol instead of the plaintext one. TheSSLmode will also encrypt all data transmitted between the server and the client.