RE: [HACKERS] Updated TODO list

From: "John Ridout" <johnridout(at)ctasystems(dot)co(dot)uk>
To: "'pgsql-hackers'" <pgsql-hackers(at)postgresql(dot)org>
Subject: RE: [HACKERS] Updated TODO list
Date: 1999-07-12 09:09:51
Message-ID: 000301becc46$4e80e640$0301010a@johnridout
Lists: pgsql-hackers

I can "select * from pgshadow" as the database owner.

> -----Original Message-----
> From: owner-pgsql-hackers(at)postgreSQL(dot)org
> [mailto:owner-pgsql-hackers(at)postgreSQL(dot)org]On Behalf Of Bruce Momjian
> Sent: 09 July 1999 17:41
> To: Hannu Krosing
> Cc: Gene Sokolov; PostgreSQL-development
> Subject: Re: [HACKERS] Updated TODO list
>
>
> > > But we don't, do we? I thought they were hashed.
> >
> > do
> > select * from pg_shadow;
> >
> > I think that it was agreed that it is better when they can't be
> > snatched from network than to have them hashed in db.
> > Using currently known technologies we must either know the
> > original password and use challenge-response on net, or else use
> > plaintext (or equivalent) on the wire.
>
> Yes, I remember now, we hash them with random salt before sending them
> to the client, and they are only visible to the postgres user.
>
> --
> Bruce Momjian | http://www.op.net/~candle
> maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
>
>
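
The trade-off discussed in the quoted messages (hashing in the database versus keeping the password off the network), sketched as an added example that is not part of the original thread and is not PostgreSQL's authentication code. The function names, the HMAC-SHA-256 and PBKDF2 primitives and the sample password are assumptions chosen for illustration; the third case goes beyond the two options named in the thread to show what happens when the stored hash itself keys the challenge-response.

```python
# Added illustration; not PostgreSQL's authentication code. All names are hypothetical.
import hashlib
import hmac
import secrets
PASSWORD = b"constructed-sample-password"  # constructed sample value

def mac(secret: bytes, nonce: bytes) -> bytes:
    """Challenge response: a MAC over the server's nonce, keyed by the secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def salted_hash(password: bytes, salt: bytes) -> bytes:
    """The value a 'hashed in db' design stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

def plaintext_store_challenge_response(password: bytes) -> dict:
    """Server keeps the original password; only a nonce and a MAC are sent."""
    stored = password
    nonce = secrets.token_bytes(16)
    wire = [nonce, mac(password, nonce)]
    ok = hmac.compare_digest(wire[1], mac(stored, nonce))
    return {"ok": ok, "password_on_wire": password in wire,
            "password_in_table": stored == password}

def hashed_store_plaintext_wire(password: bytes) -> dict:
    """Server keeps salt and hash; the client has to send the password itself."""
    salt = secrets.token_bytes(16)
    stored = salted_hash(password, salt)
    wire = [password]
    ok = hmac.compare_digest(stored, salted_hash(wire[0], salt))
    return {"ok": ok, "password_on_wire": password in wire,
            "password_in_table": stored == password}

def hash_keyed_challenge_response(password: bytes) -> dict:
    """Server keeps the hash and keys the MAC with it: the row becomes the secret."""
    salt = secrets.token_bytes(16)
    stored = salted_hash(password, salt)
    nonce = secrets.token_bytes(16)
    wire = [salt, nonce, mac(salted_hash(password, salt), nonce)]
    ok = hmac.compare_digest(wire[2], mac(stored, nonce))
    # Whoever can read the stored row can compute the same answer without the password.
    row_is_credential = hmac.compare_digest(mac(stored, nonce), wire[2])
    return {"ok": ok, "password_on_wire": password in wire,
            "password_in_table": stored == password,
            "row_is_credential": row_is_credential}

if __name__ == "__main__":
    for case in (plaintext_store_challenge_response, hashed_store_plaintext_wire,
                 hash_keyed_challenge_response):
        print(case.__name__, case(PASSWORD))
```

In each returned dictionary, `password_on_wire` and `password_in_table` show which side of the trade-off a design exposes, which is why read access to the password table matters in the first and third cases.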
