From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Vince Vielhaber <vev(at)michvhf(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: You're on SecurityFocus.com for the cleartext passwords. |
Date: | 2000-05-06 17:21:16 |
Message-ID: | 200005061721.NAA18123@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
> But what I'm proposing will let ALL clients send an encrypted password
> over the wire and we can also store them encrypted. By comparing twice
> we can maintain backward compatibility. The backend would compare the
> password received with the stored md5 password and compare the received
> password after md5ing it in case it was sent clear-text.
But you can do that with our current system. Store them in pg_shadow
using unix password format. If a cleartext password comes in, crypt it
using the pg_shadow salt and compare them.
--
Bruce Momjian | http://www.op.net/~candle
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2000-05-06 17:23:52 | Re: You're on SecurityFocus.com for the cleartext passwords. |
Previous Message | Vince Vielhaber | 2000-05-06 17:19:16 | Re: You're on SecurityFocus.com for the cleartext passwords. |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2000-05-06 17:23:52 | Re: You're on SecurityFocus.com for the cleartext passwords. |
Previous Message | Vince Vielhaber | 2000-05-06 17:19:16 | Re: You're on SecurityFocus.com for the cleartext passwords. |