From: | "D(dot) Dante Lorenso" <dlorenso(at)afai(dot)com> |
---|---|
To: | <pgsql-hackers(at)hub(dot)org> |
Subject: | Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
Date: | 1998-02-19 18:15:18 |
Message-ID: | 01bd3d62$55af8ee0$3a151ecf@redhat.afai.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
does it matter if people are able to see the passwords? I mean,
if the passwords are stored in a table (preferable encrypted), and
the table is only readable (select, insert, etc...) by the superuser
or those of equal grant rights), then who cares?
Dante
.------------------------------------------.-----------------------.
| _ dlorenso(at)afai(dot)com - D. Dante Lorenso | Network Administrator |
| | | ___ _ _ ___ __ _ ___ ___ | |
| | |__ / o \| '_|/ o_\| \ |\_ _\/ o \ | Accounting Firms |
| |____|\___/|_| \___/|_|\_|\___|\___/ | Associated, inc. |
| http://www.afai.com/~dlorenso | http://www.afai.com/ |
'------------------------------------------'-----------------------'
-----Original Message-----
From: Brett McCormick <brett(at)work(dot)chicken(dot)org>
To: Jan Wieck <jwieck(at)debis(dot)com>
Cc: Zeugswetter Andreas SARZ <Andreas(dot)Zeugswetter(at)telecom(dot)at>;
pgsql-hackers(at)hub(dot)org <pgsql-hackers(at)hub(dot)org>
Date: Thursday, February 19, 1998 12:53 PM
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
>
>Have we considering using the unix crypt function for passwords? That
>way it wouldn't matter (as much) if people saw the password, and would
>still be (somewhat less) secure.
>
>On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
>
>> Cracked!
>>
>> create table get_passwds (usename name, passwd text);
>> insert into get_passwds select usename, passwd from pg_user;
>> select * from get_passwds;
>> usename|passwd
>> -------+------
>> pgsql |
>> wieck |test
>> (2 rows)
>>
>>
>>
>> Sorry, Jan
>>
>> --
>>
>> #======================================================================#
>> # It's easier to get forgiveness for being wrong than for being right. #
>> # Let's break this rule - forgive me. #
>> #======================================== jwieck(at)debis(dot)com (Jan Wieck) #
>>
>>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 1998-02-19 18:16:23 | Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
Previous Message | D. Dante Lorenso | 1998-02-19 18:08:37 | Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) |