Peter Bex <Peter.Bex@xs4all.nl> writes:
> On Sun, Dec 16, 2012 at 05:38:37PM +0100, Murray Cumming wrote:
>> I would not be storing the plaintext password anywhere. That makes it
>> harder for someone get the plaintext password if they break into the
>> server, and therefore harder for someone to use that password to break
>> into another account if the user has used the same password.
> If they do break in and are able to retrieve the password hash, they
> can still break in with that hash.
Right, they can break into *this account*. But Murray is worrying about
the all-too-common case where a user has used the same or similar
password for multiple sites. I think his goal of not having the
original password stored anywhere is laudable.
Perhaps I'm missing the context here, but it seems unlikely that the
users have any direct access to the database. If they can only get to
it through the website, then what about the idea of hashing the original
text, and then using that hashed string as the database password? IOW
I don't see why this must be implemented inside libpq rather than in
the website logic.
regards, tom lane
