Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

From: Robson Paniago de Miranda <robson(at)mpdft(dot)gov(dot)br>
To: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
Cc: pgsql-hackers(at)hub(dot)org
Subject: Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date: 1998-02-19 21:20:41
Message-ID: 34ECA1DA.74B2@mpdft.gov.br
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Bruce Momjian wrote:
>
> > > But it is not secure. Why have passwords then?
> > >
> > I think is better have the encrypted passwords and the salt in pg_user.
> > I don't know if this will be bing a security hole :(
> >
>
> If we do this, then what does the frontend pass us?
>
> --
> Bruce Momjian
> maillist(at)candle(dot)pha(dot)pa(dot)us

I was thinking in the backend pass the salt stored in pg_user to the
frontend, but doing that is (almost) the same as having the password
stored in clear text. It was a bad idea :(

Robson.

Browse pgsql-hackers by date

  From Date Subject
Next Message Jan Wieck 1998-02-19 21:27:15 Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Previous Message Robson Paniago de Miranda 1998-02-19 21:07:07 [Fwd: Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)]