From: | Benjamin Adida <ben(at)mit(dot)edu> |
---|---|
To: | "Robert B(dot) Easter" <reaster(at)comptechnews(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Trond Eivind Glomsrxd <teg(at)redhat(dot)com>, Vince Vielhaber <vev(at)michvhf(dot)com>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: You're on SecurityFocus.com for the cleartext passwords. |
Date: | 2000-05-06 21:50:46 |
Message-ID: | B53A0BF5.3743%ben@mit.edu |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
on 5/6/00 3:18 PM, Robert B. Easter at reaster(at)comptechnews(dot)com wrote:
>
> Would public/private key pair authentication (like GPG) or SSL-like solutions
> work? If the backend could use SSL, it would have the ability to protect
> passwords and all data too from being seen on the network. Somekind of SSL
> ability would solve all security problems. Can't OpenSSL be used on top of
> the
> client/backend connection?
While SSL could probably be an option for people dealing with tremendously
sensitive data that shouldn't go in the clear over their internal network
(we're not talking about passwords here, just the SQL queries and
responses), I think it's overkill to impose SSL for everything.
The key exchange and constant encryption overhead would significantly affect
performance, so this doesn't seem like something to impose on everyone.
-Ben
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2000-05-06 21:57:10 | Re: You're on SecurityFocus.com for the cleartext passwords. |
Previous Message | Bill Barnes | 2000-05-06 21:00:41 | Creating tables with psql |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2000-05-06 21:57:10 | Re: You're on SecurityFocus.com for the cleartext passwords. |
Previous Message | Oliver Elphick | 2000-05-06 21:30:52 | ROLLBACK of DROP TABLE leaves database in inconsistent state |