Jeff Janes escribió:
> On Fri, Feb 21, 2014 at 7:04 AM, Alvaro Herrera <alvherre@2ndquadrant.com>wrote:
> > If you were to have a mechanism by which
> > libpq can store an md5'd password (or whatever hash) and send that md5
> > to the server and have the server accept it to grant a connection, then
> > the md5 has, in effect, become the unencrypted password which others can
> > capture from the file, and you're back at square one.
>
> The string in .pgpass would be enough for people to log into postgresql,
> true. But it would not work to log onto other things which share the same
> clear-text password but don't share the same salting mechanism.
That's true. Patches welcome to improve that. Maybe we can define that
if the stored password string starts with $1$md5$ and has a just the
right length then it's a md5 hash rather than cleartext, or something
like that.
I do fear that people are going to look at the file and say "hey, it's
encrypted [sic] so it's secure! I can share the file with the world!".
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
