cryptography, was Drawbacks of using BYTEA for PK? - Mailing list pgsql-general

From Chris Travers
Subject cryptography, was Drawbacks of using BYTEA for PK?
Date
Msg-id 015801c3d9b1$3a5b8120$54285e3d@winxp
Whole thread Raw
In response to Re: Drawbacks of using BYTEA for PK?  ("scott.marlowe" <scott.marlowe@ihs.com>)
Responses Re: cryptography, was Drawbacks of using BYTEA for PK?
List pgsql-general
From: "Keith C. Perry" <netadmin@vcsn.com>
> Using an MD5 hash to
> "hide" them will slow your app down by some delta and not protect your
> connection.  Granted garbling that id with a password is somewhat more
secure
> but your connection could still be attacked or even hijacked.
>
> In the URL's you gave above, why are you not using HTTPS (i.e.
authentication)?
>  What about using a crytographic cookies to identify your session and link
that
> to you userid (after authorization)?

Https I can see.  I am having difficulty understanding how you could use
cryptographic cookies to prevent session hijacking though given the current
setup.  Also you could use ssl between the web server and PostgreSQL to
secure that connection.

As a side question:  Does PostgreSQL support using Kerberos for encrypted
connections (beyond authentication), or do you need to use SSL for that?

Best Wishes,
Chris Travers


pgsql-general by date:

Previous
From: "Chris Travers"
Date:
Subject: Re: Drawbacks of using BYTEA for PK?
Next
From: "Chris Travers"
Date:
Subject: Re: Drawbacks of using BYTEA for PK?