Re: Authenticate with hash instead of plaintext password? - Mailing list pgsql-general

From Tom Lane
Subject Re: Authenticate with hash instead of plaintext password?
Date
Msg-id 16926.1355680268@sss.pgh.pa.us
Whole thread Raw
In response to Re: Authenticate with hash instead of plaintext password?  (Peter Bex <Peter.Bex@xs4all.nl>)
Responses Re: Authenticate with hash instead of plaintext password?
List pgsql-general
Peter Bex <Peter.Bex@xs4all.nl> writes:
> On Sun, Dec 16, 2012 at 05:38:37PM +0100, Murray Cumming wrote:
>> I would not be storing the plaintext password anywhere. That makes it
>> harder for someone get the plaintext password if they break into the
>> server, and therefore harder for someone to use that password to break
>> into another account if the user has used the same password.

> If they do break in and are able to retrieve the password hash, they
> can still break in with that hash.

Right, they can break into *this account*.  But Murray is worrying about
the all-too-common case where a user has used the same or similar
password for multiple sites.  I think his goal of not having the
original password stored anywhere is laudable.

Perhaps I'm missing the context here, but it seems unlikely that the
users have any direct access to the database.  If they can only get to
it through the website, then what about the idea of hashing the original
text, and then using that hashed string as the database password?  IOW
I don't see why this must be implemented inside libpq rather than in
the website logic.

            regards, tom lane


pgsql-general by date:

Previous
From: Andreas
Date:
Subject: Re: Need help for import of text file
Next
From: Peter Bex
Date:
Subject: Re: Authenticate with hash instead of plaintext password?