Re: You're on SecurityFocus.com for the cleartext passwords.

From: Vince Vielhaber <vev(at)michvhf(dot)com>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: You're on SecurityFocus.com for the cleartext passwords.
Date: 2000-05-06 17:25:18
Message-ID: Pine.BSF.4.21.0005061322460.13987-100000@paprika.michvhf.com
Lists: pgsql-general pgsql-hackers

On Sat, 6 May 2000, Bruce Momjian wrote:

> > But what I'm proposing will let ALL clients send an encrypted password
> > over the wire and we can also store them encrypted. By comparing twice
> > we can maintain backward compatibility. The backend would compare the
> > password received with the stored md5 password and compare the received
> > password after md5ing it in case it was sent clear-text.
>
> But you can do that with our current system. Store them in pg_shadow
> using unix password format. If a cleartext password comes in, crypt it
> using the pg_shadow salt and compare them.

You missed half of it. Platforms that don't have crypt would use our
MD5 so eventually all of them would be sending encrypted passwords
over the wire. I'm trying to accomplish two things here.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
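
The double comparison proposed in the message above, as an added sketch that is not code from this thread or from PostgreSQL. The function names and the sample password are constructed, and unsalted hex MD5 is assumed because the message gives no salt or wire format. The last check shows that the stored value itself is accepted from the wire, so it needs the same protection as the password.

```python
import hashlib
import hmac
from typing import Optional


def md5_hex(password: str) -> str:
    """Hex MD5 of a password (assumed storage format, no salt)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def check_password(received: str, stored_md5: str) -> Optional[str]:
    """Compare twice, as the proposal describes.

    Returns "pre-hashed" if the client already sent the MD5,
    "cleartext" if the client sent the plain password (legacy client),
    or None if neither comparison matches.
    """
    stored = stored_md5.encode("ascii")

    # First comparison: new clients send the MD5 of the password.
    if hmac.compare_digest(received.encode("utf-8"), stored):
        return "pre-hashed"

    # Second comparison: old clients send cleartext, so hash it server-side.
    if hmac.compare_digest(md5_hex(received).encode("ascii"), stored):
        return "cleartext"

    return None


# Constructed sample data: what the server would keep for this user.
SAMPLE_PASSWORD = "s3cret-constructed"
STORED = md5_hex(SAMPLE_PASSWORD)

if __name__ == "__main__":
    # Legacy client: password crosses the wire in the clear.
    print("legacy client :", check_password(SAMPLE_PASSWORD, STORED))
    # New client: only the MD5 crosses the wire.
    print("new client    :", check_password(md5_hex(SAMPLE_PASSWORD), STORED))
    # Wrong password is rejected by both comparisons.
    print("wrong password:", check_password("not-the-password", STORED))
    # Anyone holding the stored column value passes the first comparison
    # without knowing the password: the stored hash is password-equivalent.
    print("stored value  :", check_password(STORED, STORED))
```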
