Quick Links

RE: [HACKERS] Updated TODO list

From:	"John Ridout" <johnridout(at)ctasystems(dot)co(dot)uk>
To:	"'Bruce Momjian'" <maillist(at)candle(dot)pha(dot)pa(dot)us>
Cc:	"'pgsql-hackers'" <pgsql-hackers(at)postgreSQL(dot)org>
Subject:	RE: [HACKERS] Updated TODO list
Date:	1999-07-12 13:45:02
Message-ID:	001501becc6c$bf00fd80$0301010a@johnridout
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

I'm using 6.4 so you may want to ignore everything I say.
I created a new user with create db and create user permission.
With said new user I "select * from pg_shadow". Is that right?

John.

>
> > I can "select * from pgshadow" as the database owner.
>
> Are you saying you can do this as a database owner, not the postgres
> user? I just tried it, and was not able to see the table contents:
>
> xx=> select * from pg_shadow;
> ERROR: pg_shadow: Permission denied.
>
> Yes, only the installation owner can do that. No way to do
> password stuff
> unless the 'postgres' user can access the passwords, righ? Is that a
> problem?
>
>
> > > -----Original Message-----
> > > From: owner-pgsql-hackers(at)postgreSQL(dot)org
> > > [mailto:owner-pgsql-hackers(at)postgreSQL(dot)org]On Behalf Of
> Bruce Momjian
> > > Sent: 09 July 1999 17:41
> > > To: Hannu Krosing
> > > Cc: Gene Sokolov; PostgreSQL-development
> > > Subject: Re: [HACKERS] Updated TODO list
> > >
> > >
> > > > > But we don't, do we? I thougth they were hashed.
> > > >
> > > > do
> > > > select * from pg_shadow;
> > > >
> > > > I think that it was agreed that it is better when they
> > > can't bw snatched
> > > > from
> > > > network than to have them hashed in db.
> > > > Using currently known technologies we must either
> either know the
> > > > original password
> > > > and use challenge-response on net, or else use plaintext
> > > (or equivalent)
> > > > on the wire.
> > >
> > > Yes, I remember now, we hash them with random salt before
> sending them
> > > to the client, and they are only visible to the postgres user.
> > >
> > > --
> > > Bruce Momjian |
http://www.op.net/~candle
> > maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
> > + If your life is a hard drive, | 830 Blythe Avenue
> > + Christ can be your backup. | Drexel Hill,
> > Pennsylvania 19026
> >
> >
>
>

--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026

In response to

Re: [HACKERS] Updated TODO list at 1999-07-12 13:23:25 from Bruce Momjian

Responses

Re: [HACKERS] Updated TODO list at 1999-07-12 14:48:03 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Bruce Momjian	1999-07-12 14:48:03	Re: [HACKERS] Updated TODO list
Previous Message	Peter Eisentraut	1999-07-12 13:34:55	Re: [HACKERS] Hashing passwords (was Updated TODO list)