Re: Encrypting pg_shadow passwords - Mailing list pgsql-hackers

From fche@redhat.com (Frank Ch. Eigler)
Subject Re: Encrypting pg_shadow passwords
Date
Msg-id o5ae2vjoto.fsf@touchme.toronto.redhat.com
In response to Re: Encrypting pg_shadow passwords  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
pgman@candle.pha.pa.us (Bruce Momjian) writes:

: OK, I get you now.  Why not ask the client to do a crypt and compare
: that to pg_shadow.  [...]

You can't trust the client to do the one-way encryption, for then the
encrypted password becomes plaintext-equivalent.  (The SMB protocol
apparently suffers or suffered from a similar flaw.)

- FChE
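
The point made in the message above, as an added example that is not part of the original post or of PostgreSQL's code: if the client applies the one-way function and the server only compares, the stored value is all anyone needs to log in. The `ShadowTable` class, its method names, the sample credentials, and the use of PBKDF2 in place of crypt are assumptions for illustration.

```python
import hashlib
import hmac
import os

def kdf(password: str, salt: bytes) -> bytes:
    """One-way function over the password (PBKDF2 here; an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class ShadowTable:
    """Hypothetical stand-in for pg_shadow: user -> (salt, stored verifier)."""

    def __init__(self):
        self.rows = {}

    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.rows[user] = (salt, kdf(password, salt))

    def login_client_hashes(self, user: str, client_digest: bytes) -> bool:
        """Client sends the digest; server only compares it to the stored one."""
        _salt, stored = self.rows[user]
        return hmac.compare_digest(stored, client_digest)

    def login_server_hashes(self, user: str, secret: str) -> bool:
        """Server applies the one-way function to whatever the client sent."""
        salt, stored = self.rows[user]
        return hmac.compare_digest(stored, kdf(secret, salt))

def demo() -> dict:
    table = ShadowTable()
    table.add_user("alice", "correct horse")  # constructed sample credentials
    salt, leaked = table.rows["alice"]         # what a reader of the table sees
    return {
        # Honest client, client-side hashing: accepted.
        "client_hash_honest": table.login_client_hashes("alice", kdf("correct horse", salt)),
        # Stored row replayed as the digest: also accepted (plaintext-equivalent).
        "client_hash_leaked_row": table.login_client_hashes("alice", leaked),
        # Honest client, server-side hashing: accepted.
        "server_hash_honest": table.login_server_hashes("alice", "correct horse"),
        # Stored row submitted as the secret: hashed again, so it no longer matches.
        "server_hash_leaked_row": table.login_server_hashes("alice", leaked.hex()),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

With server-side hashing the password itself crosses the wire, so that variant relies on an encrypted connection.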

