| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Gene Sokolov <hook(at)aktrad(dot)ru> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Hashing passwords (was Updated TODO list) |
| Date: | 1999-07-09 16:46:31 |
| Message-ID: | 199907091646.MAA01244@candle.pha.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
> > > > ADMIN
> > > >
> > > How about:
> > > * Not storing passwords in plain text
> >
> > But we don't, do we? I thougth they were hashed.
>
> maybe I miss something but it does not look so to me:
>
> [PostgreSQL 6.5.0 on i386-unknown-freebsd3.2, compiled by gcc 2.7.2.1]
>
> test1=> select * from pg_shadow;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd|valuntil
> --------+--------+-----------+--------+--------+---------+------+-----------
> -----------------
> postgres| 2000|t |t |t |t | |Sat Jan 31
> 09:00:00 2037 MSK
> afmmgr | 2001|f |t |f |t |mgrpwd|
> afmusr | 2002|f |t |f |t |usrpwd|
> (3 rows)
Yes, I remember now. We keep them in clear, because we send random
salt-encrypted versions over the wire. Only Postgresql can read this
table.
--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jackson, DeJuan | 1999-07-09 17:00:20 | Regression Test fail to run if PLPGSQL in template1 |
| Previous Message | Bruce Momjian | 1999-07-09 16:40:45 | Re: [HACKERS] Updated TODO list |