From: | "John Clark L(dot) Naldoza" <njclark(at)ntsp(dot)nec(dot)co(dot)jp> |
---|---|
To: | Gordan Bobic <gordan(at)freeuk(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: How passwords can be crypted in postgres? |
Date: | 2001-01-04 00:52:09 |
Message-ID: | 3A53C939.DC851913@ntsp.nec.co.jp |
Lists: | pgsql-general |
Hello All,
It seems to me that a solution for this specific problem
(Man-in-the-middle) can be found via SSH Tunneling...;-)
Using OpenSSH of course...;-)
If you are using (redhat) linux, I believe there is a great book online
found at http://www.openna.com called
Securing and Optimizing Redhat Linux.
There are a bunch of other ways that you can do... But as for the
original thread... I think you can encrypt passwords in postgres...;-)
But what do I know..;-)
> I was referring to a different aspect of security. I was referring to
> preventing more of a "man-in-the-middle" type of attack. If you have a
> packet sniffer somewhere between the client and the server, then someone
> could read your packet containing the encrypted password and use it to
> authenticate to the server, without knowing or caring what the real
> password is. If you can send the encrypted password to the server that
> matches, you're in.
>
> One way to secure this sort of setup is by using an RSA-type algorithm where
> both client and server get to share a secret without actually transmitting
> any part of the actual key. This coupled with some form of authentication
> that would eliminate the man-in-the-middle attack (which would make that
> system vulnerable as well, because if someone is running a proxy in
> between you, they would also potentially know the shared secret) should
> bolt the system down completely. One obvious way to work around this all is
> to use public key cryptography such as PGP, which would remain secure as
> long as the private keys remain secure.
>
> But, the level of security required largely depends on what you are doing,
> and what sort of attack you want to protect yourself against...
>
> Regards.
>
> Gordan
--
/) John Clark Naldoza y Lopez (\
/ ) Software Design Engineer II ( \
_( (_ _ Web-Application Development _) )_
(((\ \> /_> Cable Modem Network Management System <_\ </ /)))
(\\\\ \_/ / NEC Telecom Software Phils., Inc. \ \_/ ////)
\ / \ /
\ _/ phone: (+63 32) 233-9142 loc. 3112 \_ /
/ / cellphone: (+63 919) 813-6274 \ \
/ / email: njclark(at)ntsp(dot)nec(dot)co(dot)jp \ \
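
The replay weakness described in the quoted reply, as an added example that is not part of the original message: a server that accepts a transmitted password hash also accepts a sniffed copy of it, while a per-connection challenge makes a recorded response useless on the next connection. The challenge-response scheme, the class and function names, and the sample password are assumptions made for illustration and do not describe PostgreSQL's own protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential; the server stores only the hash.
STORED_HASH = hashlib.sha256(b"constructed-sample-password").hexdigest()


def static_login(sent_hash: str) -> bool:
    """Scheme from the thread: the client sends the hashed password itself."""
    return hmac.compare_digest(sent_hash, STORED_HASH)


def client_response(password_hash: str, nonce: bytes) -> str:
    """The client proves knowledge of the hash without sending it."""
    return hmac.new(password_hash.encode(), nonce, hashlib.sha256).hexdigest()


class ChallengeServer:
    """Hypothetical alternative: a fresh random nonce for every connection."""

    def new_connection(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def login(self, response: str) -> bool:
        expected = client_response(STORED_HASH, self.nonce)
        return hmac.compare_digest(response, expected)


def demo() -> dict:
    # 1. Static scheme: what a sniffer records is exactly what logs in.
    sniffed_hash = STORED_HASH  # value seen on the wire
    static_replay = static_login(sniffed_hash)

    # 2. Challenge-response: the sniffer records one (nonce, response) pair.
    server = ChallengeServer()
    nonce = server.new_connection()
    sniffed_response = client_response(STORED_HASH, nonce)
    legit = server.login(sniffed_response)

    # A later connection gets a different nonce, so the old response fails.
    server.new_connection()
    nonce_replay = server.login(sniffed_response)
    return {"static_replay": static_replay, "legit": legit,
            "nonce_replay": nonce_replay}


if __name__ == "__main__":
    print(demo())
```

This covers passive sniffing only; a proxy actively sitting between client and server still calls for an authenticated, encrypted channel such as the SSH tunnel suggested in the message.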