Quick Links

Re: Using md5 authentication

From:	"ktm(at)rice(dot)edu" <ktm(at)rice(dot)edu>
To:	Philip Poloczek <Philip(dot)Poloczek(at)dlr(dot)de>
Cc:	Athanasios Kostopoulos <athanasios(dot)kostopoulos(at)classmarkets(dot)com>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject:	Re: Using md5 authentication
Date:	2013-07-31 12:52:06
Message-ID:	20130731125206.GY3001@aart.rice.edu
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-novice

On Wed, Jul 31, 2013 at 10:25:03AM +0200, Philip Poloczek wrote:
> It's kind of secure. These passwords are very sensitive, i don't
> even want administrators to read these passwords in plain text.
> Maybe i should use ldap.
>

Hi Philip,

Storing a hash of a password that you could use is the same as
storing the plain text password with the same security concerns.
As you suspect, using something like ldap, gssapi or a multi-
factor authentication scheme is much, much better.

Regards,
Ken

In response to

Re: Using md5 authentication at 2013-07-31 08:25:03 from Philip Poloczek

Responses

really novice with Postgres ! at 2013-08-01 13:53:30 from Jean MAURICE

Browse pgsql-novice by date

	From	Date	Subject
Next Message	Jean MAURICE	2013-08-01 13:53:30	really novice with Postgres !
Previous Message	Philip Poloczek	2013-07-31 08:25:03	Re: Using md5 authentication