| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Gene Sokolov <hook(at)aktrad(dot)ru> |
| Cc: | Jan Wieck <jwieck(at)debis(dot)com>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: [HACKERS] Updated TODO list |
| Date: | 1999-07-13 16:55:59 |
| Message-ID: | 199907131655.MAA25684@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
[Charset koi8-r unsupported, filtering to ASCII...]
> From: Jan Wieck <wieck(at)debis(dot)com>
> > >
> > > I can "select * from pgshadow" as the database owner.
> > >
> >
> > You must be a database superuser or a superuser must have
> > granted SELECT right for pg_shadow to you.
> >
> >
> > Jan
>
> DB admin has no business knowing other's passwords. The current security
> scheme is seriously flawed.
>
But it is the db passwords, not the Unix passwords. How are we supposed
to make this work if the db doesn't know the passwords, AND use random
salt over the wire?
--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 1999-07-13 17:20:18 | Re: [HACKERS] Updated TODO list |
| Previous Message | Tom Lane | 1999-07-13 15:33:23 | Re: [HACKERS] PostgreSQL v6.5 - Tagged |