Home > mailing lists

Re: Connect to postgres from a dynamic IP - Mailing list pgsql-general

From	brian
Subject	Re: Connect to postgres from a dynamic IP
Date	March 4, 2008 02:21:12
Msg-id	47CCBEBF.1010903@zijn-digital.com Whole thread Raw
In response to	Re: Connect to postgres from a dynamic IP (Jorge Godoy <jgodoy@gmail.com>)
List	pgsql-general

Tree view

Jorge Godoy wrote:
> Em Monday 03 March 2008 13:17:03 você escreveu:
>> My understanding is no password is sent in the clear with md5 per:
>>
>> http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSW
>> ORD
>
> But the MD5 hash is.  This page states that the password can't be directly
> sniffed, but one can still get the hash of the password and perform a
> dictionary attack against it on a local copy (i.e., without ever trying to
> connect to the server).
>
> After a successful attack then one can connect directly to the server as if
> the password was known to him/her.
>

No sense in pretending. I should think that password *would* be known in
that scenario.

(ignoring hash collisions, of course)

pgsql-general by date:

From: Jorge Godoy
Date: 04 March 2008, 01:42:15
Subject: Re: Connect to postgres from a dynamic IP

From: Bruce Momjian
Date: 04 March 2008, 02:29:27
Subject: Re: text and bytea

Re: Connect to postgres from a dynamic IP - Mailing list pgsql-general

Previous

Next