| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: Re: Proposal for encrypting pg_shadow passwords |
| Date: | 2001-08-16 04:26:02 |
| Message-ID: | 200108160426.f7G4Q2I23415@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> >> BTW, a protocol version bump for this is a horrid idea. That will
> >> create lots of compatibility problems for people, whether they use
> >> the new auth mode or not.
>
> > I thought protocol bumps were the way to handle such things. The SCM
> > patch does it as well. How should I tell if I am talking to a >=7.2
> > client?
>
> You send it the new auth request code and see if it copes or not.
> There's no need to bump the overall protocol version, and every reason
> *not* to.
OK, patch attached. Pretty nifty. Try MD5 first, and if it fails, try
crypt. I tested by corrupting the MD5 on the client side, and the
crypt() fallback worked, but only if pg_shadow was plaintext.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| Attachment | Content-Type | Size |
|---|---|---|
| unknown_filename | text/plain | 3.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-08-16 04:34:14 | Re: Patch: use SCM_CREDS authentication over PF_LOCAL sockets |
| Previous Message | Tom Lane | 2001-08-16 03:43:55 | Re: patch for 60 seconds bug |