From: | Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Changing passwords from client application |
Date: | 2006-12-19 20:42:51 |
Message-ID: | 20061219204239.GB4707@batory.org.pl |
Lists: | pgsql-general |
I need to implement an option to change passwords in my application,
which authenticates using MD5. This application however operates over
an unencrypted link, so it'll be a little bit of a challenge.
I've come up with several possible implementations.
--------------------------------------------------------
Implementation I
1. A user selects "change password" option.
2. Ask a user for an old password, new password, new password
confirmation.
3. Connect to a database (this would be a second connection) using
provided old password.
4. Invoke
"select change_password(new_password_hash)"
where
new_password_hash=PQencryptPassword(new_password, username)
and change_password(text) is a volatile, security definer function owned by
superuser, which will just do
alter role session_user encrypted password $1;
This has two drawbacks:
- it needs another connection to a database, so I could not limit
concurrent connections for a user to 1;
- it will be possible to use, for example, a psql session left open to
change the password of the logged-in user without knowledge of the previous
password.
--------------------------------------------------------
Implementation II
1. and 2. the same.
3. Invoke
"select change_password(old_password_hash, new_password_hash)"
where
new_password_hash=PQencryptPassword(new_password, username)
old_password_hash=PQencryptPassword(old_password, username)
Again change_password(text) is a volatile, security definer function owned by
superuser, which checks if
pg_authid.rolpassword=$1 where rolname=session_user
and then
alter role session_user encrypted password $2;
This time there is another problem - if anybody sniffs this
connection during the password change, then he will be able to use this
new_password_hash to change the password if he had a psql session
left open.
--------------------------------------------------------
So do you have an idea how to securely change a logged-in user's password
over an unencrypted link?
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh
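
Added example (not part of the original message, and not PostgreSQL or libpq code): a small Python model of Implementation II that shows what the change_password check actually verifies. ModelServer, run_scenario, the role name and the passwords are constructed for illustration; only the MD5 hash format of PQencryptPassword is taken from libpq.

```python
import hashlib
import hmac

def pq_encrypt_password(password: str, username: str) -> str:
    # MD5 form produced by libpq's PQencryptPassword: "md5" + md5(password || username)
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

class ModelServer:
    """Toy stand-in for pg_authid and change_password(old, new); not PostgreSQL code."""

    def __init__(self):
        self.rolpassword = {}  # rolname -> stored hash

    def change_password(self, session_user, old_hash, new_hash):
        # Implementation II check: pg_authid.rolpassword = $1 where rolname = session_user
        if not hmac.compare_digest(self.rolpassword[session_user], old_hash):
            return False
        self.rolpassword[session_user] = new_hash  # alter role ... encrypted password $2
        return True

def run_scenario():
    user = "app_user"  # constructed role name and passwords
    server = ModelServer()
    server.rolpassword[user] = pq_encrypt_password("old-secret", user)
    wire = []  # every value that crosses the unencrypted link

    # A caller who does not know the old password is rejected.
    wrong = server.change_password(user, pq_encrypt_password("guess", user),
                                   pq_encrypt_password("whatever", user))

    # Legitimate change: both hashes travel in the clear.
    old_h = pq_encrypt_password("old-secret", user)
    new_h = pq_encrypt_password("new-secret", user)
    wire.append((old_h, new_h))
    legit = server.change_password(user, old_h, new_h)

    # The second value on the wire is now exactly what the server stores, so
    # presenting it satisfies the "old password" check without the password.
    seen_new = wire[0][1]
    stored_equals_wire = server.rolpassword[user] == seen_new
    replay = server.change_password(user, seen_new, pq_encrypt_password("other", user))

    return {"wrong": wrong, "legit": legit,
            "stored_equals_wire": stored_equals_wire, "replay": replay}

if __name__ == "__main__":
    print(run_scenario())
```

The check proves knowledge of the stored hash, not of the password, so any channel that exposes the hash makes the "old password" test equivalent to no test for whoever saw it.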