Re: sefety of passwords for web-service applications - Mailing list pgsql-general

From Vlad K.
Subject Re: sefety of passwords for web-service applications
Date
Msg-id 50B09BF2.9070008@haronmedia.com
In response to sefety of passwords for web-service applications  (Rafal Pietrak <rafal@zorro.isa-geek.com>)
Responses Re: sefety of passwords for web-service applications  (Bill Moran <wmoran@potentialtech.com>)
List pgsql-general
On 11/24/2012 10:15 AM, Rafal Pietrak wrote:
> Some improvement in passwords safety could be gained, if the database
> table access methods (e.g. SELECT...) provided means to limit that
> access to just one entry at a time, and return results only when
> (password) column hash was equal for a single entry. e.g. information is
> not leaking when password don't match.


But what about situations where the attackers gained access to the
database itself or faulty discs that got replaced? Isn't just having a
strong hash a better solution? And by strong I mean a bcrypt-based or
similar approach that requires significant time to calculate a single hash.




--


.oO V Oo.


Work Hard,
Increase Production,
Prevent Accidents,
and
Be Happy!  ;)


