Re: Re: Encrypting pg_shadow passwords - Mailing list pgsql-hackers

From Lincoln Yeoh
Subject Re: Re: Encrypting pg_shadow passwords
Date
Msg-id 3.0.5.32.20010617230552.0152b760@192.228.128.13
Whole thread Raw
In response to Re: Re: Encrypting pg_shadow passwords  (Jim Mercer <jim@reptiles.org>)
Responses Re: Re: Re: Encrypting pg_shadow passwords
List pgsql-hackers
At 12:04 AM 6/16/01 -0400, Jim Mercer wrote:
>On Sat, Jun 16, 2001 at 11:20:30AM +0800, Lincoln Yeoh wrote:
>> If you need to use encryption then having _everything_ encrypted is a
>> better idea - SSL etc. Those >1GHz CPUs are handy ;).
>
>[ yes, i noted the smiley ]
>
>it is rather unfortunate to see the OSS community buying into the tenents
>that allowed microsoft to get world domination based on crap quality
>software.
>
>"hardware is cheap" is a falsehood.

My point is if you really need encryption, then your data should be
encrypted too, otherwise it seems a waste of time or more a "feel good" thing.

I find it hard to recommend a setup where just the authentication portion
is encrypted but all the data is left in plaintext for everyone to see. Why
go to all that trouble to _fool_ yourself, when you can either do it
securely (encrypt everything), or do it quick (no encryption).

I'd personally put "only authentication is encrypted" in the "crossing a
chasm in two leaps" category.

Yoda says it better ;).

Cheerio,
Link.



pgsql-hackers by date:

Previous
From: Alex Pilosov
Date:
Subject: plperl direction
Next
From: Jim Mercer
Date:
Subject: Re: Re: Re: Encrypting pg_shadow passwords