Home > mailing lists

Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) - Mailing list pgsql-hackers

From	Robson Paniago de Miranda
Subject	Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Date	February 19, 1998 18:27:22
Msg-id	34ECA1DA.74B2@mpdft.gov.br Whole thread Raw
In response to	AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) (Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>)
List	pgsql-hackers

Tree view

Bruce Momjian wrote:
>
> > > But it is not secure.  Why have passwords then?
> > >
> >       I think is better have the encrypted passwords and the salt in pg_user.
> > I don't know if this will be bing a security hole :(
> >
>
> If we do this, then what does the frontend pass us?
>
> --
> Bruce Momjian
> maillist@candle.pha.pa.us

    I was thinking in the backend pass the salt stored in pg_user to the
frontend, but doing that is (almost) the same as having the password
stored in clear text. It was a bad idea :(

    Robson.

pgsql-hackers by date:

From: Bruce Momjian
Date: 19 February 1998, 18:13:31
Subject: Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

From: Frank Ridderbusch
Date: 19 February 1998, 18:32:29
Subject: [HACKERS] Platform status

Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) - Mailing list pgsql-hackers

Previous

Next