Changing passwords from client application - Mailing list pgsql-general

From Tomasz Ostrowski
Subject Changing passwords from client application
Msg-id 20061219204239.GB4707@batory.org.pl
Responses Re: Changing passwords from client application  (Tomasz Ostrowski <tometzky@batory.org.pl>)
List pgsql-general
I need to implement an option to change passwords in my application,
which authenticates using MD5. This application however operates over
an unencrypted link, so it'll be a little bit of a challenge.

I've come up with several possible implementations.

--------------------------------------------------------

Implementation I

1. A user selects "change password" option.

2. Ask a user for an old password, new password, new password
confirmation.

3. Connect to a database (this would be a second connection) using
provided old password.

4. Invoke
    "select change_password(new_password_hash)"
where
    new_password_hash=PQencryptPassword(new_password, username)
and change_password(text) is a volatile, security definer function,
owned by superuser, which will just do
        alter role session_user encrypted password $1;

This has two drawbacks:

- it needs another connection to a database, so I could not limit
  concurrent connections for a user to 1;

- it will be possible to use, for example, a left-open psql session to
  change the password of the logged-in user without knowledge of the
  previous password.

--------------------------------------------------------

Implementation II

1. and 2. the same.

3. Invoke
    "select change_password(old_password_hash, new_password_hash)"
where
    new_password_hash=PQencryptPassword(new_password, username)
    old_password_hash=PQencryptPassword(old_password, username)
Again change_password(text) is a volatile, security definer function,
owned by superuser, which checks if
    pg_authid.rolpassword=$1 where rolname=session_user
and then
    alter role session_user encrypted password $2;

This time there is another problem - if anybody sniffs this
connection during the password change, then he will be able to use this
new_password_hash to change the password if he has a left-open psql
session.

--------------------------------------------------------

So do you have an idea how to securely change a logged-in user's
password over an unencrypted link?

Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
                                                      Winnie the Pooh
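
Added example, not part of the original message: one way the two-argument change_password() of Implementation II could be written in PL/pgSQL. It only implements the check described there and does not address the sniffing concern. The argument names, the hash-format check and the app_users role are assumptions.

```sql
-- Added example (not from the original message): Implementation II as PL/pgSQL.
-- Must be created by a superuser, since it reads pg_authid and alters roles.
CREATE OR REPLACE FUNCTION change_password(old_password_hash text,
                                           new_password_hash text)
RETURNS void
LANGUAGE plpgsql
VOLATILE
SECURITY DEFINER
-- Pin search_path so the definer's privileges cannot be hijacked through
-- objects planted in a schema the caller controls.
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    stored text;
BEGIN
    -- Assumed check: accept only what PQencryptPassword() produces for MD5,
    -- i.e. 'md5' followed by 32 lowercase hex digits.
    IF new_password_hash !~ '^md5[0-9a-f]{32}$' THEN
        RAISE EXCEPTION 'new password is not an MD5 password hash';
    END IF;

    SELECT rolpassword INTO stored
      FROM pg_authid
     WHERE rolname = session_user;

    -- A role with no password set (NULL) can never match.
    IF stored IS NULL OR stored <> old_password_hash THEN
        RAISE EXCEPTION 'old password does not match';
    END IF;

    -- ALTER ROLE is a utility statement and takes no bind parameters,
    -- so build it with format(): %I quotes the role name, %L the literal.
    EXECUTE format('ALTER ROLE %I ENCRYPTED PASSWORD %L',
                   session_user, new_password_hash);
END;
$$;

-- Functions are executable by PUBLIC by default; grant explicitly instead.
REVOKE ALL ON FUNCTION change_password(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION change_password(text, text)
    TO app_users;  -- hypothetical role holding the application's users
```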
