| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Hannu Krosing <hannu(at)trust(dot)ee> |
| Cc: | Gene Sokolov <hook(at)aktrad(dot)ru>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org> |
| Subject: | Re: [HACKERS] Updated TODO list |
| Date: | 1999-07-09 16:40:45 |
| Message-ID: | 199907091640.MAA01020@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > But we don't, do we? I thougth they were hashed.
>
> do
> select * from pg_shadow;
>
> I think that it was agreed that it is better when they can't bw snatched
> from
> network than to have them hashed in db.
> Using currently known technologies we must either either know the
> original password
> and use challenge-response on net, or else use plaintext (or equivalent)
> on the wire.
Yes, I remember now, we hash them with random salt before sending them
to the client, and they are only visible to the postgres user.
--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1999-07-09 16:46:31 | Re: Hashing passwords (was Updated TODO list) |
| Previous Message | Bruce Momjian | 1999-07-09 16:39:57 | Re: [HACKERS] Fwd: Joins and links |