RE: [HACKERS] Updated TODO list - Mailing list pgsql-hackers

From John Ridout
Subject RE: [HACKERS] Updated TODO list
Date
Msg-id 001501becc6c$bf00fd80$0301010a@johnridout
Whole thread Raw
In response to Re: [HACKERS] Updated TODO list  (Bruce Momjian <maillist@candle.pha.pa.us>)
Responses Re: [HACKERS] Updated TODO list
List pgsql-hackers
I'm using 6.4 so you may want to ignore everything I say.
I created a new user with create db and create user permission.
With said new user I "select * from pg_shadow".  Is that right?

John.

> 
> > I can "select * from pgshadow" as the database owner.
> 
> Are you saying you can do this as a database owner, not the postgres
> user?  I just tried it, and was not able to see the table contents:
> 
>     xx=> select * from pg_shadow;
>     ERROR:  pg_shadow: Permission denied.
> 
> Yes, only the installation owner can do that.  No way to do 
> password stuff
> unless the 'postgres' user can access the passwords, righ?  Is that a
> problem?
> 
> 
> > > -----Original Message-----
> > > From: owner-pgsql-hackers@postgreSQL.org
> > > [mailto:owner-pgsql-hackers@postgreSQL.org]On Behalf Of 
> Bruce Momjian
> > > Sent: 09 July 1999 17:41
> > > To: Hannu Krosing
> > > Cc: Gene Sokolov; PostgreSQL-development
> > > Subject: Re: [HACKERS] Updated TODO list
> > > 
> > > 
> > > > > But we don't, do we?  I thougth they were hashed.
> > > > 
> > > > do
> > > >  select * from pg_shadow;
> > > > 
> > > > I think that it was agreed that it is better when they 
> > > can't bw snatched
> > > > from 
> > > > network than to have them hashed in db. 
> > > > Using currently known technologies we must either 
> either know the
> > > > original password 
> > > > and use challenge-response on net, or else use plaintext 
> > > (or equivalent)
> > > > on the wire.
> > > 
> > > Yes, I remember now, we hash them with random salt before 
> sending them
> > > to the client, and they are only visible to the postgres user.
> > > 
> > > -- 
> > >   Bruce Momjian                        |  
http://www.op.net/~candle
> >   maillist@candle.pha.pa.us            |  (610) 853-3000
> >   +  If your life is a hard drive,     |  830 Blythe Avenue
> >   +  Christ can be your backup.        |  Drexel Hill, 
> > Pennsylvania 19026
> > 
> > 
> 
> 


--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] 6.5.1
Next
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] Updated TODO list