| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Vince Vielhaber <vev(at)michvhf(dot)com> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: You're on SecurityFocus.com for the cleartext passwords. |
| Date: | 2000-05-06 20:15:42 |
| Message-ID: | 11612.957644142@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Vince Vielhaber <vev(at)michvhf(dot)com> writes:
> How about ODBC? This is from the ODBC driver source connection.c:
> self->errormsg = "Password crypt authentication not supported";
> Is that because of the platform it's running on or what it's talking
> to?
I think the ODBC authors didn't want to assume that libcrypt() is
available on the client side (which is probably right for Windows and
Mac at least). Standardizing on our own implementation of MD5 would
sidestep that problem quite neatly.
Depending on libcrypt is pretty painful even in Unix environments;
have you seen what we have to do to get it to work in shared-library
contexts, on machines where libcrypt is a separate shlib and not part of
libc? Yech. We could get rid of a bunch of cruft in the makefiles by
abandoning crypt() ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-05-06 20:19:14 | Re: You're on SecurityFocus.com for the cleartext passwords. |
| Previous Message | Tom Lane | 2000-05-06 20:09:04 | Re: You're on SecurityFocus.com for the cleartext passwords. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-05-06 20:19:14 | Re: You're on SecurityFocus.com for the cleartext passwords. |
| Previous Message | Tom Lane | 2000-05-06 20:09:04 | Re: You're on SecurityFocus.com for the cleartext passwords. |