| From: | "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | You're on SecurityFocus.com for the cleartext passwords. |
| Date: | 2000-05-05 22:40:24 |
| Message-ID: | 20000506004024.W22752@online.no |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Don't know if you know this already, but since april 23, you've been
on SecurityFocus.com for the cleartext passwords in pg_shadow:
http://www.securityfocus.com/bid/1139
I know it has been discussed at least a couple of times before, but in
my opinion this is an issue that needs a solution.
The problem with cleartext passwords is not just that root, postgres
super user or anyone who has legally or illegally got access to the
system can see the passwords a user uses to log in to PostgreSQL. The
problem lies in the well known fact that we tend to use the same
password several places, if not everywhere. With all the passwords
needed these days, that is how it _has_ to be.
The first PostgreSQL based site that gets cracked, will make headlines
stating that passwords have got into the wrong hands. Do we (or you)
want that?
Sverre.
--
<URL:mailto:sverrehu(at)online(dot)no>
<URL:http://home.sol.no/~sverrehu/> Echelon bait: semtex, bin Laden,
plutonium, North Korea, nuclear bomb
| From | Date | Subject | |
|---|---|---|---|
| Next Message | The Hermit Hacker | 2000-05-05 23:25:10 | Re: You're on SecurityFocus.com for the cleartext passwords. |
| Previous Message | Paulo Henrique Rodrigues Pinheiro | 2000-05-05 20:03:06 | Re: ../\...Advice For New Immigrants^^^.. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-05-05 22:47:44 | Re: pg_group_name_index corrupt? |
| Previous Message | Tom Lane | 2000-05-05 22:33:28 | Re: pg_group_name_index corrupt? |