| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Vince Vielhaber <vev(at)michvhf(dot)com> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: md5 again |
| Date: | 2000-07-11 15:00:04 |
| Message-ID: | 200007111500.LAA03436@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> direction what
> ----------------------------------------------
> CL -> PG username
> PG -> CL random salt
> CL -> PG plaintext passwd
>
>
> CL -> PG username
> PG -> CL user salt
^^^^^^^^^^^^^^^^^^^^^^^^^
> PG -> CL random salt
> CL -> PG encrypted passwd
>
MD5(MD5(username+user_salt)+random_salt)
Postmaster takes its pg_shadow MD5(username+user_salt) and does another
MD5 with the random salt and compares it with what was sent from the
client.
If the connection is defined as requiring crypt or password, only this
MD5 method can be used. If trusted is defined, cleartext passwords can
be accepted.
Don't bother encrypting the username. No security is gained.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-07-11 15:03:30 | Re: postmaster errors with index on temp table? |
| Previous Message | Vince Vielhaber | 2000-07-11 14:50:20 | md5 again |