| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Gene Sokolov <hook(at)aktrad(dot)ru> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: [HACKERS] Updated TODO list |
| Date: | 1999-07-14 15:01:42 |
| Message-ID: | 199907141501.LAA22755@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > Doing the random salt over the wire would still be a problem.
>
> There is absolutely no technical problem with storing hashed passwords and
> still sending salted hash over the wire. It was recently discussed in detail
> in "Hashing passwords" thread in pgsql-hackers list.
But you are hashing it with a secret known by the database adminstrator,
and someone knows any password, like their own, can guess the secret by
looking at the hashed version, no?
--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1999-07-14 15:02:23 | Re: [HACKERS] MAX Query length |
| Previous Message | Michael Richards | 1999-07-14 14:51:31 | Re: [HACKERS] Counting bool flags in a complex query |