| From: | Jim Mercer <jim(at)reptiles(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-27 02:16:00 |
| Message-ID: | 20010626221600.A18520@reptiles.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jun 26, 2001 at 10:18:37AM -0400, Tom Lane wrote:
> though I would note that anyone who is able to examine the
> contents of pg_shadow has *already* broken into your database
note: the dbadmin ay not bethe system administrator, but the dbadmin,
by default (with plaintext) can scoop an entirelist of "useful" passwords,
since many users (like it or not) use the same/similar passwords for
multiple accounts.
> There's no reason to spend any additional work on it.
hmmm. what is the expected date of rollout of the new code with a backwards
compatible API (i don't mind recompiling), which has encrypted passwords
in pg_shadow?
--
[ Jim Mercer jim(at)reptiles(dot)org +1 416 410-5633 ]
[ Now with more and longer words for your reading enjoyment. ]
| From | Date | Subject | |
|---|---|---|---|
| Next Message | alavoor | 2001-06-27 02:31:19 | Most intelligent database technique: For PostgreSQL and MySQL |
| Previous Message | Alex Pilosov | 2001-06-27 02:09:39 | Re: functions returning records |