Home > mailing lists

Re: [pgadmin-hackers] Client-side password encryption - Mailing list pgsql-hackers

From	Christopher Kings-Lynne
Subject	Re: [pgadmin-hackers] Client-side password encryption
Date	December 20, 2005 01:06:27
Msg-id	43A767F0.3020603@familyhealth.com.au Whole thread Raw
In response to	Re: [pgadmin-hackers] Client-side password encryption (Alvaro Herrera <alvherre@commandprompt.com>)
List	pgsql-hackers

Tree view

>>I've already implemented this in phpPgAdmin trivially using the md5() 
>>function.  I can't be bothered using a C library function :D
> 
> IIRC the whole point of this exercise was to avoid passing the password
> to the server in the first place.  Unless you are talking about a PHP
> md5() password of course ...

Yes...

However of course in phpPgAdmin the password has already been sent 
cleartext to the webserver from your browser, and the database 
connection password parameter is still sent in the clear so...

Chris

pgsql-hackers by date:

From: Alvaro Herrera
Date: 20 December 2005, 01:01:37
Subject: Re: [pgadmin-hackers] Client-side password encryption

From: Tom Lane
Date: 20 December 2005, 02:03:32
Subject: Re: Lock issue when trying to vacuum db

Re: [pgadmin-hackers] Client-side password encryption - Mailing list pgsql-hackers

Previous

Next