Thread: Re:

Re:

From
Michael Robinson
Date:
"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>If I understand the original objection it's that passwords are stored 
>in cleartext on the postmaster machine.

You understand the original objection, but you don't understand the basis for
the objection.

>That's not much of an 
>objection since you have to have your secrets available in the clear 
>on both ends of a connection if you want the traffic on the 
>connection secured.

This is true.  However, the problem is that people reuse passwords.  By 
hashing the password on both ends of the connection with a known random 
salt, you achieve the same result as if people did not reuse passwords,
i.e., a root compromise of the postgres server will not give the perpetrator
access to anything other than the specific postgres account on that server.

Without encryption, such a compromise would very likely lead to further 
compromises of other services secured by the same password as was used for
postgres access.

Users are their own worst enemy.  This is a small thing we can do to protect
them from themselves.
-Michael