I can "select * from pgshadow" as the database owner.
> -----Original Message-----
> From: owner-pgsql-hackers@postgreSQL.org
> [mailto:owner-pgsql-hackers@postgreSQL.org]On Behalf Of Bruce Momjian
> Sent: 09 July 1999 17:41
> To: Hannu Krosing
> Cc: Gene Sokolov; PostgreSQL-development
> Subject: Re: [HACKERS] Updated TODO list
>
>
> > > But we don't, do we? I thougth they were hashed.
> >
> > do
> > select * from pg_shadow;
> >
> > I think that it was agreed that it is better when they
> can't bw snatched
> > from
> > network than to have them hashed in db.
> > Using currently known technologies we must either either know the
> > original password
> > and use challenge-response on net, or else use plaintext
> (or equivalent)
> > on the wire.
>
> Yes, I remember now, we hash them with random salt before sending them
> to the client, and they are only visible to the postgres user.
>
> --
> Bruce Momjian | http://www.op.net/~candle
> maillist@candle.pha.pa.us | (610) 853-3000
> + If your life is a hard drive, | 830 Blythe Avenue
> + Christ can be your backup. | Drexel Hill,
> Pennsylvania 19026
>
>
