Re: Re: Encrypting pg_shadow passwords - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Re: Encrypting pg_shadow passwords
Date
Msg-id 200107111702.f6BH2nE14874@candle.pha.pa.us
In response to Re: Re: Encrypting pg_shadow passwords  (michael@miknet.net (Michael Samuel))
List pgsql-hackers
> Also, I think we should add to the client API the ability to only accept
> certain authentication schemes, to avoid active attacks tricking your
> software from sending the HMAC password in cleartext.

This is an interesting point.  We have kept 'password' authentication
around for secondary password files and for very old clients, but now
see that having it around can be a security problem because you can ask
the client to send you cleartext passwords.

Comments?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
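The downgrade the quoted paragraph warns about is decided entirely on the client: the backend announces which method it wants in an 'R' (AuthenticationRequest) message, and nothing stops a spoofed or intercepting server from announcing cleartext. The check the client needs is therefore a policy applied to that message before any secret is sent. The following is an added example written for this archive page, not code from the thread and not libpq's own implementation. The authentication codes are the real ones from the PostgreSQL frontend/backend protocol (0 = AuthenticationOk, 1 = KerberosV4, 2 = KerberosV5, 3 = CleartextPassword, 4 = CryptPassword, 5 = MD5Password); the message framing assumed is the v3 one (type byte, int32 length including itself, int32 code), and the bit-mask policy API (`pg_auth_mask`, `pg_auth_request_allowed`) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Authentication codes carried in the backend's 'R' message
 * (PostgreSQL frontend/backend protocol). */
enum pg_auth_code {
    PG_AUTH_OK        = 0,
    PG_AUTH_KRB_V4    = 1,
    PG_AUTH_KRB_V5    = 2,
    PG_AUTH_CLEARTEXT = 3,
    PG_AUTH_CRYPT     = 4,
    PG_AUTH_MD5       = 5
};

/* Hypothetical client-side policy: bit N set means the client agrees to
 * answer an authentication request with code N. */
typedef uint32_t pg_auth_mask;
#define PG_AUTH_ALLOW(code) ((pg_auth_mask)1u << (code))

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode a v3-framed AuthenticationRequest: 'R', int32 length (counting
 * itself but not the type byte), int32 code, optional method-specific data.
 * Returns 0 and stores the code on success, -1 if the buffer does not hold
 * a complete, well-formed request. */
int pg_parse_auth_request(const unsigned char *buf, size_t len, int32_t *code_out)
{
    if (len < 9 || buf[0] != 'R')
        return -1;
    uint32_t msglen = be32(buf + 1);
    if (msglen < 8 || msglen > len - 1)   /* length must cover code and fit the buffer */
        return -1;
    *code_out = (int32_t)be32(buf + 5);
    return 0;
}

/* The check itself. Returns 1 if the client may respond to this request,
 * 0 if the requested method is not on the allow list (treat as a downgrade
 * attempt and close the connection without sending a password), and -1 if
 * the message is malformed. AuthenticationOk is always acceptable because
 * no secret leaves the client for it. Unknown codes are refused. */
int pg_auth_request_allowed(const unsigned char *buf, size_t len, pg_auth_mask allowed)
{
    int32_t code;
    if (pg_parse_auth_request(buf, len, &code) != 0)
        return -1;
    if (code == PG_AUTH_OK)
        return 1;
    if (code < 0 || code >= 32)
        return 0;
    return (allowed & PG_AUTH_ALLOW(code)) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const unsigned char md5_req[]   = {'R', 0,0,0,12, 0,0,0,5, 0x01,0x02,0x03,0x04}; /* MD5 + 4-byte salt */
    const unsigned char clear_req[] = {'R', 0,0,0,8,  0,0,0,3};                      /* cleartext password */
    pg_auth_mask policy = PG_AUTH_ALLOW(PG_AUTH_MD5);   /* client will only do MD5 */

    printf("md5 request:       %d\n", pg_auth_request_allowed(md5_req, sizeof md5_req, policy));
    printf("cleartext request: %d\n", pg_auth_request_allowed(clear_req, sizeof clear_req, policy));
    return 0;
}
```

The point of the mask is that the decision is taken from the message alone, before the client has typed anything into the wire; a server that asks for a method outside the mask simply never receives a password. Later libpq versions expose exactly this kind of policy as the `require_auth` connection parameter (added in PostgreSQL 16).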