From: | Josh Berkus <josh(at)agliodbs(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords |
Date: | 2005-04-21 18:26:27 |
Message-ID: | 200504211126.27129.josh@agliodbs.com |
Lists: | pgsql-hackers |
Stephen,
> I'm concerned about both using a random salt in pg_shadow and about
> better documentation about what happens when you use 'md5' in
> pg_hba.conf.
Yep, per our conversation on IRC. Frankly, I responded on Bugtraq mainly to
the other person's comment that we'd been ignoring the issue since 2002. Few
of the people on Bugtraq read pgsql-hackers and I didn't want to leave them
with the impression that our group ignored security threats.
> It was generally my understanding that it was better to get it
> 'sanctioned' and on the TODO list before just writing something up and
> expecting it to be included.
Absolutely.
> I've already offered elsewhere to work on
> writing a random-salt patch for PostgreSQL targeted at 8.1 and this
> encourages me further. I understand that I'd need to be sure it was
> backwards compatible to some extent (do both older client <-> newer
> server and newer client <-> older server need to work? I seem to recall
> only older client <-> newer server had to work, but perhaps I'm not
> remembering right).
Actually, I think older client <-> newer server is the least critical. We'd
be incrementing libpq for this. Right, Bruce?
While you're at it, maybe you should look at ways that pg_shadow could be
double-encrypted on backup but still restored easily?
--
Josh Berkus
Aglio Database Solutions
San Francisco