Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) - Mailing list pgsql-hackers

From Brett McCormick
Subject Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date
Msg-id 199802200303.TAA11237@abraxas.scene.com
In response to Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)  (ocie@paracel.com)
Responses Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)  (Goran Thyni <goran@bildbasen.se>)
List pgsql-hackers

What about a public/private key mechanism, like ssh?

On Thu, 19 February 1998, at 15:25:56, ocie@paracel.com wrote:

> Standard salt is two characters, so an adversary might be able to
> watch and record which salts produced which replies.  Even with a
> single login, a brute force attack might still be able to get the
> user's password.  A stronger challenge-response system might be more
> secure.  It should be possible for the server to authenticate a user
> without having to store the user's password.
>
> Then again, this is all starting to sound like Kerberos, so if
> Postgres had Kerberos authentication (which I think it does), then
> this could be used for the ultra-high security authentication system.
>
> Ocie Mitchell
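
The two points in the quoted message, a two-character salt space small enough to record and a challenge-response where the server never stores the password, as an added sketch that is not part of the original thread or of PostgreSQL's code. It is a simplified form of the SCRAM construction (RFC 5802); the function names, iteration count and record layout are assumptions made for this example, and the 4096 figure is the size of the traditional crypt(3) two-character salt space.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 4096  # constructed parameter for this sketch


def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _client_key(password, salt):
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return _hmac(salted, b"Client Key")


def enroll(password):
    """Server-side record: a salt and a verifier, never the password itself."""
    salt = secrets.token_bytes(16)
    stored_key = hashlib.sha256(_client_key(password, salt)).digest()
    return {"salt": salt, "stored_key": stored_key}


def new_challenge():
    """Fresh 128-bit nonce per login, instead of one of 4096 two-character salts."""
    return secrets.token_bytes(16)


def client_proof(password, salt, challenge):
    """Client answer: bound to this challenge, so a recorded reply is useless later."""
    key = _client_key(password, salt)
    stored_key = hashlib.sha256(key).digest()
    return _xor(key, _hmac(stored_key, challenge))


def verify(record, challenge, proof):
    """Server recovers the candidate client key and checks its hash against the verifier."""
    candidate = _xor(proof, _hmac(record["stored_key"], challenge))
    return hmac.compare_digest(hashlib.sha256(candidate).digest(), record["stored_key"])


def salt_reuse_probability(observed_logins, salt_space=64 ** 2):
    """Chance the next random salt already appears among the recorded logins."""
    return 1 - (1 - 1 / salt_space) ** observed_logins
```

`salt_reuse_probability(4096)` is about 0.63, which is why recorded salt/reply pairs matter with a two-character salt, while a reply captured under one 128-bit nonce fails `verify` under the next.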
