From: | Vince Vielhaber <vev(at)michvhf(dot)com> |
---|---|
To: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | Louis Bertrand <louis(at)bertrandtech(dot)on(dot)ca>, Gene Sokolov <hook(at)aktrad(dot)ru>, pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [HACKERS] Updated TODO list |
Date: | 1999-07-15 15:48:07 |
Message-ID: | Pine.BSF.4.05.9907151141160.23405-100000@paprika.michvhf.com |
Lists: | pgsql-hackers |

On Thu, 15 Jul 1999, Bruce Momjian wrote:
> > 1) Divide and conquer: the developers are concerned about both "over the
> > wire" and server passwords. I suggest you focus on the server side and
> > leave the over the wire security to the DB admin/sys.admin as an
> > installation issue. If they choose to use SSL, SSH, IPsec or a home-grown
> > authentication handshake, that's of no concern to pgsql. Just think of it
> > as a telnet session into the server.
> >
> > 2) On the server side, use the native crypt(3) by default (or the NT
> > equivalent) and store the password hash. The strength of the crypt will
> > vary depending on the installation, but that's really up to the choice of
> > OS and installation. If someone wants to patch for PAM, Kerberos or
> > whatever, that's fine too, as long as you can always revert back to the
> > plain old crypt(3).
> >
>
> I disagree. Over the wire seems more important than protecting the
> passwords from the eyes of the database administrator, which in _most_
> cases is the system owner anyway.

And when it's not? People have a tendency to use passwords in more than
one place so they won't forget what they used (they can keep it narrowed
down to a couple passwords). Why would you want to make it visible to
anyone?

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================