Postgres Pro
Downloads
Home   >   mailing lists

Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) - Mailing list pgsql-hackers

From D. Dante Lorenso
Subject Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date
Msg-id 01bd3d61$66905920$3a151ecf@redhat.afai.com
Whole thread Raw
Responses Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)  (Ronald Baljeu <rjb@xs4all.nl>)
List pgsql-hackers
Tree view 
Crypt sounds good.  I like that Idea.  I also use the unix crypt
function to password protect httpd.

Right now this is done with PERL doing the encryption and sticking
it into the database in a char field.  Then, another prog dumps
the passwords periodically into the httpd password file.

This would allow me to export the crypted passwords to the webserver
as well?  It would be convenient to be able to use the same password
in both places.

------- OTHER WISE ---- CAN WE STEAL IDEAS FROM OTHERS? --------

I'm also running MySQL (trying to switch to PG, but waiting for ODBC
to catch up), I like the mysql feature of inserting passords by:

    insert into user (host,user,password)
    values ("domain.com","dlorenso",password('psswrd');

then if I

    select (host,user,password) * from user;

I will get something like:

...
| domain.com | dlorenso | 2cfcb63e23e2d463 |
...

Dante


.------------------------------------------.-----------------------.
|  _ dlorenso@afai.com - D. Dante Lorenso  | Network Administrator |
| | |    ___  _ _  ___  __ _  ___  ___     |                       |
| | |__ / o \| '_|/ o_\|  \ |\_ _\/ o \    | Accounting Firms      |
| |____|\___/|_|  \___/|_|\_|\___|\___/    | Associated, inc.      |
| http://www.afai.com/~dlorenso            | http://www.afai.com/  |
'------------------------------------------'-----------------------'
-----Original Message-----
From: Brett McCormick <brett@work.chicken.org>
To: Jan Wieck <jwieck@debis.com>
Cc: Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>;
pgsql-hackers@hub.org <pgsql-hackers@hub.org>
Date: Thursday, February 19, 1998 12:53 PM
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)


>
>Have we considering using the unix crypt function for passwords?  That
>way it wouldn't matter (as much) if people saw the password, and would
>still be (somewhat less) secure.
>
>On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
>
>>     Cracked!
>>
>>     create table get_passwds (usename name, passwd text);
>>     insert into get_passwds select usename, passwd from pg_user;
>>     select * from get_passwds;
>>     usename|passwd
>>     -------+------
>>     pgsql  |
>>     wieck  |test
>>     (2 rows)
>>
>>
>>
>> Sorry, Jan
>>
>> --
>>
>> #======================================================================#
>> # It's easier to get forgiveness for being wrong than for being right. #
>> # Let's break this rule - forgive me.                                  #
>> #======================================== jwieck@debis.com (Jan Wieck) #
>>
>>
>

pgsql-hackers by date:

Previous
From: Brett McCormick
Date:
Subject: Re: [HACKERS] Platform status
Next
From: "D. Dante Lorenso"
Date:
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)