Re: [HACKERS] Updated TODO list - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [HACKERS] Updated TODO list
Date
Msg-id 199907131655.MAA25684@candle.pha.pa.us
In response to Re: [HACKERS] Updated TODO list  ("Gene Sokolov" <hook@aktrad.ru>)
Responses Re: [HACKERS] Updated TODO list
List pgsql-hackers
> From: Jan Wieck <wieck@debis.com>
> > >
> > > I can "select * from pgshadow" as the database owner.
> > >
> >
> >     You  must  be  a  database superuser or a superuser must have
> >     granted SELECT right for pg_shadow to you.
> >
> >
> > Jan
> 
> DB admin has no business knowing others' passwords. The current security
> scheme is seriously flawed.
> 

But it is the db passwords, not the Unix passwords.  How are we supposed
to make this work if the db doesn't know the passwords, AND use random
salt over the wire?

--
  Bruce Momjian                        |  http://www.op.net/~candle
  maillist@candle.pha.pa.us            |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
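
The trade-off raised in the message above, as an added example that is not part of the original message or of PostgreSQL's code. SHA-256 stands in for whatever hash the wire protocol uses, and the function names and sample credentials are constructed for illustration. It goes one step beyond the message by including a third scheme in which the client hashes a stored one-way value instead of the password.

```python
import hashlib
import hmac
import secrets


def digest(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (stand-in hash, an assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def verifier(user: str, password: str) -> bytes:
    """One-way value a server could store instead of the password."""
    return digest(user.encode(), password.encode())


def client_response(salt: bytes, secret: bytes) -> bytes:
    """What the client sends: a hash of the per-connection salt and its secret."""
    return digest(salt, secret)


def server_check(salt: bytes, stored: bytes, response: bytes) -> bool:
    """The server recomputes the response from whatever it has stored."""
    return hmac.compare_digest(digest(salt, stored), response)


def run_schemes(user: str = "alice", password: str = "constructed-pw") -> dict:
    salt = secrets.token_bytes(16)  # random salt sent over the wire
    pw = password.encode()
    v = verifier(user, password)
    return {
        # A: server stores the plaintext; it can verify, but the table exposes passwords.
        "plaintext_stored": server_check(salt, pw, client_response(salt, pw)),
        # B: server stores only the one-way value, client unchanged: nothing to recompute from.
        "verifier_stored_client_unchanged": server_check(salt, v, client_response(salt, pw)),
        # C: client hashes the one-way value; verification works and the password is not
        # stored, but the stored value now answers challenges, so the table stays sensitive.
        "verifier_stored_client_hashes_verifier": server_check(salt, v, client_response(salt, v)),
    }


if __name__ == "__main__":
    for name, ok in run_schemes().items():
        print(f"{name}: {ok}")
```
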
 

