Re: odbc - ssl: how-to-do-it. - Mailing list pgsql-odbc

From Tom Lane
Subject Re: odbc - ssl: how-to-do-it.
Date
Msg-id 17266.1054216613@sss.pgh.pa.us
In response to Re: odbc - ssl: how-to-do-it.  ("Dave Page" <dpage@vale-housing.co.uk>)
List pgsql-odbc

"Dave Page" <dpage@vale-housing.co.uk> writes:
>> Is there any way/what are the ways to secure the passwords
>> sent by the PGODBC driver to the DB?

> Use md5 passwords. It won't prevent a replay attack, but at least they
> won't be plain text.

Actually md5 does make a replay attack substantially harder.  What goes
over the wire is an md5 checksum of the cleartext password plus username
plus a 4-byte salt chosen on-the-fly by the server.  So a replay
attacker would have to be lucky enough to be challenged with the same
salt he'd seen used before.

            regards, tom lane
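
The salted challenge described in the message above, as an added example that is not part of the original e-mail: it follows the nested layout given in PostgreSQL's protocol documentation, `"md5" + md5(md5(password + username) + salt)`, and checks a captured response against a later challenge. The function names, user name, password and salts are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    # Value the server keeps for the role: "md5" + md5(password || username).
    return "md5" + md5_hex(password.encode() + user.encode())


def client_response(user: str, password: str, salt: bytes) -> str:
    # Sent over the wire: the inner hex digest hashed again with the
    # 4-byte salt the server chose for this connection attempt.
    inner = md5_hex(password.encode() + user.encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_accepts(verifier: str, salt: bytes, response: str) -> bool:
    # The server recomputes the outer hash from its stored verifier and the
    # salt it issued, then compares in constant time.
    expected = "md5" + md5_hex(verifier[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    user, password = "alice", "constructed-password"  # constructed sample values
    verifier = stored_verifier(user, password)
    salt_seen = bytes.fromhex("01020304")    # salt of the observed login
    salt_fresh = bytes.fromhex("a1b2c3d4")   # salt of a later challenge
    captured = client_response(user, password, salt_seen)
    return {
        # A legitimate client answers whatever salt it is given.
        "fresh_login": server_accepts(
            verifier, salt_fresh, client_response(user, password, salt_fresh)),
        # The captured response only matches the salt it was computed for.
        "replay_same_salt": server_accepts(verifier, salt_seen, captured),
        "replay_new_salt": server_accepts(verifier, salt_fresh, captured),
        # Number of distinct 4-byte salts the server can choose from.
        "salt_space": 2 ** 32,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```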
