| From: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
|---|---|
| To: | "'Jim Mercer'" <jim(at)reptiles(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | AW: Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-27 09:04:38 |
| Message-ID: | 11C1E6749A55D411A9670001FA68796336834E@sdexcsrv1.f000.d0188.sd.spardat.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Tue, Jun 26, 2001 at 10:18:37AM -0400, Tom Lane wrote:
> > though I would note that anyone who is able to examine the
> > contents of pg_shadow has *already* broken into your database
>
> note: the dbadmin may not be the system administrator, but the dbadmin,
> by default (with plaintext) can scoop an entire list of "useful" passwords,
> since many users (like it or not) use the same/similar passwords for
> multiple accounts.
I fully agree with this statement and think it is a valid concern.
Would it help here to introduce some poor man's encryption that is
reversible ? Then the admin would need to intentionally decrypt the
pg_shadow entry to see that plain password, and not see it if he just
accidentally select'ed * from pg_shadow.
If an admin intentionally wants to crack a password he will always
have means to do that (e.g. send well chosen salts).
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zeugswetter Andreas SB | 2001-06-27 09:08:06 | AW: Benchmarking |
| Previous Message | Zeugswetter Andreas SB | 2001-06-27 09:01:38 | AW: Non-trivial rewriting sql query |