| From: | Isak Hansen <isak(dot)hansen(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Best Practices - Securing an Enterprise application using JBOSS & Postgres |
| Date: | 2011-06-08 19:07:12 |
| Message-ID: | BANLkTikZzpYK_kbECxo0z7+B2cx2JYLRPg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Jun 8, 2011 at 11:43 AM, Radosław Smogura
<rsmogura(at)softperience(dot)eu> wrote:
>
> You should actually only consider safty of storing of such passwords in
> database. If with md5 the password isn't digested like in DIGEST HTTP auth,
> and only md5 shortcut is transfferd it has no meaning if you will transfer
> over network clear password or md5 password (ok has if you use same password
> in at least two services both storing password with md5). On higher level
> you may note that MD5 is little bit out-dated and it's not considered
> secure, currently I think only SHA-256 is secure.
>
> If you suspect that someone on your network may sniff password use cert auth
> or kerberos or one of it mutations.
While MD5 is considered broken for certain applications, it's still
perfectly valid for auth purposes.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John R Pierce | 2011-06-08 19:37:51 | Re: what is the best way of storing text+image documents in postgresql |
| Previous Message | Mike Christensen | 2011-06-08 18:56:45 | Converting uuid primary key column to serial int |