Re: Postgresql -- initial impressions and comments
| From | Scott Lamb |
|---|---|
| Subject | Re: Postgresql -- initial impressions and comments |
| Date | |
| Msg-id | 3DED33F7.3020700@slamb.org |
| In reply to | Postgresql -- initial impressions and comments ("j.random.programmer" <javadesigner@yahoo.com>) |
| Responses | Re: Postgresql -- initial impressions and comments |
| List | pgsql-general |
j.random.programmer wrote:

> 1)
> Running postgres as non-root is understandable but
> should not be _mandated_ (for totally private networks,
> it's overkill). Trust the user...

Ugh. No, no, no! It's a really bad idea to run things as root that don't need to be, even if everyone who uses the system (and for whom it's even physically possible to connect to the system) is totally trusted, which almost never happens anyway. Programs running as root can do much more damage if they go wrong.

> 2)
> It's not clear what md5 password auth does.
>
> (a) Is the password stored as md5 in the database
> itself, or only md5'd on the wire (from client to
> server) and then thereafter stored as plain text in
> the db itself?

Ahh, good question. One of the other responses says it means both. That's disconcerting to me because I think it defeats the point of sending MD5 signatures on the wire - avoiding replay attacks. If it's stored in MD5 format on the server, it can't request it with a different salt every time (how would it compare them?), so you can just replay the MD5 transmission. The other way, though, a compromise of the database would mean a compromise of all the passwords. So it definitely would be helpful to have an answer to your question in with the description of the authentication types, so you could choose intelligently based on what you consider to be more likely risks.

> (b) If the client is responsible for the md5 encryption,
> then does the JDBC driver do this for us automatically?
>
> (c) Is there an md5 function in the database?

Not by default. But look at contrib/crypto in the source distribution. You'll have to manually compile it/insert it into the database. Once you do that, it should do what you want. Works well for me, anyway.

Where would you have expected to find this information in the documentation? I'm sure it could be added if you could find a good place for it...

Scott
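Added example (not part of Scott's message, and not PostgreSQL's own code): a small Python model of the two designs Scott contrasts, a stored MD5 hash with no per-session value versus a plaintext password with a fresh salt, plus a third that keeps a hash at rest and still salts each session. That third scheme, H = md5(password + username) at rest and md5(H + salt) on the wire, is the shape of PostgreSQL's md5 method. USER and PASSWORD are constructed sample values.

```python
import hashlib
import os

USER, PASSWORD = "alice", "correct horse"  # constructed sample credentials

def md5_hex(*parts: str) -> str:
    return hashlib.md5("".join(parts).encode()).hexdigest()

def fresh_salt() -> str:
    return os.urandom(4).hex()  # new per-session value chosen by the server

# scheme -> (value at rest on the server, server-side check, client's response builder)
SCHEMES = {
    # md5(password) at rest and md5(password) on the wire: nothing varies per session.
    "stored_md5_no_salt": (
        md5_hex(PASSWORD),
        lambda stored, salt, resp: resp == stored,
        lambda salt: md5_hex(PASSWORD),
    ),
    # plaintext at rest; the wire carries md5(password + fresh salt).
    "plaintext_with_salt": (
        PASSWORD,
        lambda stored, salt, resp: resp == md5_hex(stored, salt),
        lambda salt: md5_hex(PASSWORD, salt),
    ),
    # H = md5(password + username) at rest; the wire carries md5(H + fresh salt).
    # A hash at rest and a response that still changes per session. Caveat: H alone
    # answers the challenge, so the stored value needs password-grade protection.
    "stored_md5_with_salt": (
        md5_hex(PASSWORD, USER),
        lambda stored, salt, resp: resp == md5_hex(stored, salt),
        lambda salt: md5_hex(md5_hex(PASSWORD, USER), salt),
    ),
}

def login_succeeds(scheme: str) -> bool:
    """A legitimate client answering the server's current challenge."""
    stored, verify, respond = SCHEMES[scheme]
    salt = fresh_salt()
    return verify(stored, salt, respond(salt))

def replay_verifies(scheme: str) -> bool:
    """Does a response captured in session 1 still verify in session 2?"""
    stored, verify, respond = SCHEMES[scheme]
    captured = respond(fresh_salt())
    return verify(stored, fresh_salt(), captured)

def password_readable_at_rest(scheme: str) -> bool:
    """Scott's other risk: does reading the server's stored value yield the password?"""
    return SCHEMES[scheme][0] == PASSWORD
```

Only the first scheme lets a captured response verify again; only the second hands the password to whoever reads the server's stored value.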