Re: [PATCHES] Re: [HACKERS] User authentication bug? - Mailing list pgsql-interfaces

From Michael Graff
Subject Re: [PATCHES] Re: [HACKERS] User authentication bug?
Date
Msg-id v6d8ajw44u.fsf@kechara.lh.vix.com
In response to Re: [HACKERS] User authentication bug?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-interfaces
Tom Lane <tgl@sss.pgh.pa.us> writes:

> With the attached patch, I have verified that long (> 8char anyway)
> usernames and passwords work correctly in both "password" and "crypt"
> authorization mode.  NOTE: at least on my machine, it seems that the
> crypt() routines ignore the part of the password beyond 8 characters,
> so there's no security gain from longer passwords in crypt auth mode.
> But they don't fail.

Which is why postgres should use MD5, salted with the username, as a
password one-way hash.  :)

--Michael
