From: | Alvaro Herrera <alvherre(at)dcc(dot)uchile(dot)cl> |
---|---|
To: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5 |
Date: | 2004-04-27 18:57:14 |
Message-ID: | 20040427185714.GA3078@dcc.uchile.cl |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-patches |
On Tue, Apr 27, 2004 at 09:37:50AM +0200, Fabien COELHO wrote:
> Even of the salt is based on the login, the point is that it is stored
> separatly, so the system does not rely on the login string to check the
> password.
>
> The only other scheme which requires the user password somehow is the HTTP
> digest authentification, and AFAIK no one in the world uses it;-)
I think (some of the) SASL authentication mechanisms also use a digest
of the user and password, if that's what you meant. But the username
and password have to be stored separately on the server anyway, just
like HTTP digest -- they are means of hiding it on the wire, not on
disk.
--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"El miedo atento y previsor es la madre de la seguridad" (E. Burke)
From | Date | Subject | |
---|---|---|---|
Next Message | Jim C. Nasby | 2004-04-27 19:05:29 | pg_autovacuum reltuples bug |
Previous Message | Nicholas Howell | 2004-04-27 14:34:38 | Query producing the wrong results? |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2004-04-27 19:50:53 | Thread test improvement |
Previous Message | Thomas Hallgren | 2004-04-27 17:43:42 | Patch for GUC custom variables |