| From: | Michael Robinson <robinson(at)netrinsics(dot)com> |
|---|---|
| To: | pgsql-hackers(at)hub(dot)org |
| Subject: | Re: |
| Date: | 2000-05-10 04:48:48 |
| Message-ID: | 200005100448.MAA05543@netrinsics.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Henry B. Hotz" <hotz(at)jpl(dot)nasa(dot)gov> writes:
>If I understand the original objection it's that passwords are stored
>in cleartext on the postmaster machine.
You understand the original objection, but you don't understand the basis for
the objection.
>That's not much of an
>objection since you have to have your secrets available in the clear
>on both ends of a connection if you want the traffic on the
>connection secured.
This is true. However, the problem is that people reuse passwords. By
hashing the password on both ends of the connection with a known random
salt, you achieve the same result as if people did not reuse passwords,
i.e., a root compromise of the postgres server will not give the perpetrator
access to anything other than the specific postgres account on that server.
Without encryption, such a compromise would very likely lead to further
compromises of other services secured by the same password as was used for
postgres access.
Users are their own worst enemy. This is a small thing we can do to protect
them from themselves.
-Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2000-05-10 05:39:06 | RE: Shouldn't flush dirty buffers at shutdown ? |
| Previous Message | Tom Lane | 2000-05-10 04:31:03 | Re: 7.0 RPM? |