| From: | Cedar Cox <cedarc(at)visionforisrael(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Tom Samplonius <tom(at)sdf(dot)com>, "George P(dot) Esperanza" <george(at)calamba(dot)laguna(dot)net>, pgsql-interfaces(at)postgresql(dot)org |
| Subject: | Re: ODBC problem - crypt.. |
| Date: | 2000-10-09 21:39:16 |
| Message-ID: | Pine.LNX.4.21.0010092332560.23306-100000@nanu.visionforisrael.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
On Mon, 9 Oct 2000, Tom Lane wrote:
..
> We have talked about adding a higher-security login protocol --- you can
> find past threads about this in the pghackers archive. IIRC a fairly
> complete design was worked out, but no one's got round to implementing
> it yet. There might still have been some unresolved objections, too.
>
> regards, tom lane
Perhaps I didn't make my point clear: The only point of a password is to
protect something. If that something is transmitted in the clear, then
from a hackers point of view there's almost no point in having a password.
Of course this only applies to fetching data.. updates are a different
story.
So. If working with sensitive data, shouldn't the data be encrypted as
well, not just the login sequence? Is ssh a good way to go (assuming you
have an account on the PG machine), and is what I proposed possible?
-Cedar
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2000-10-09 22:18:31 | Re: ODBC problem - crypt.. |
| Previous Message | W. van den Akker | 2000-10-09 19:39:00 | 16-bit ODBC driver |