Re: You're on SecurityFocus.com for the cleartext passwords. - Mailing list pgsql-hackers

From Tom Lane
Subject Re: You're on SecurityFocus.com for the cleartext passwords.
Date
Msg-id 12190.957651174@sss.pgh.pa.us
In response to Re: You're on SecurityFocus.com for the cleartext passwords.  (Benjamin Adida <ben@mit.edu>)
Responses Re: You're on SecurityFocus.com for the cleartext passwords.  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Benjamin Adida <ben@mit.edu> writes:
> I think it's overkill to impose SSL for everything.

Agreed, and in any case we are not going to require people to install
SSL before they can use Postgres.  It's an appropriate tool for some
people to use depending on what their security situation is.

I think we are converging on a plan that involves switching from crypt
to MD5 as our password-hashing algorithm, so given that we are going to
need a client upgrade anyway, we can throw in the double hashing (two
salt) method you proposed without any extra pain.  Might as well protect
the password against sniffing if we can...
        regards, tom lane
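The "double hashing (two salt)" idea the message refers to, worked through as an added example (this is not code from the thread or from PostgreSQL itself): the server stores a hash of the password salted with a fixed value, and at login it sends a fresh per-connection nonce; the client recomputes the stored hash from the password and hashes it again with the nonce. A sniffer sees only the nonce and the second-level response, never the password or the stored hash. The specific layout here (username as the fixed salt, a 4-byte random nonce, MD5 because that is the algorithm the thread names) is an assumption of this example.

```python
import hashlib
import hmac
import os

# Assumption for this example: the fixed salt is the username and the
# per-connection nonce is 4 random bytes. MD5 is used only because it is the
# algorithm under discussion in the thread.

def stored_hash(username: str, password: str) -> str:
    """First hash: what the server keeps on disk, salted with the username."""
    return hashlib.md5((password + username).encode()).hexdigest()

def challenge_response(stored: str, nonce: bytes) -> str:
    """Second hash: stored hash combined with the per-connection nonce."""
    return hashlib.md5(stored.encode() + nonce).hexdigest()

def client_response(username: str, password: str, nonce: bytes) -> str:
    """Client side: rebuild the stored hash from the password, then answer."""
    return challenge_response(stored_hash(username, password), nonce)

def server_verify(stored: str, nonce: bytes, response: str) -> bool:
    """Server side: recompute the expected answer from the stored record.

    compare_digest avoids leaking the mismatch position through timing.
    Note the stored record alone is enough to produce a valid response, so it
    must be protected like a password, not treated as a harmless digest.
    """
    return hmac.compare_digest(challenge_response(stored, nonce), response)

def simulate_login(username: str, password: str, record: str) -> bool:
    """One full exchange: server issues a nonce, client answers, server checks."""
    nonce = os.urandom(4)                      # fresh per connection
    wire_response = client_response(username, password, nonce)
    # Only `nonce` and `wire_response` cross the network.
    return server_verify(record, nonce, wire_response)

if __name__ == "__main__":
    record = stored_hash("alice", "s3cret")   # constructed sample account
    print("correct password:", simulate_login("alice", "s3cret", record))
    print("wrong password:  ", simulate_login("alice", "wrong", record))
```

Because the nonce changes every connection, a response captured on the wire is useless for a later session, which is the sniffing protection the message is after; the remaining exposure is the stored record itself, as noted in the `server_verify` docstring.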

