From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Password sub-process ... |
Date: | 2002-07-30 15:55:15 |
Message-ID: | 200207301555.g6UFtFf00735@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Marc G. Fournier wrote:
> so, I can easily do something like:
>
> host database bruce IP1
> host database bruce IP2
>
> and know that client on IP1 can't look at client on IP2s database, even
> with the same user ... but in a VH environment, you have:
>
> host database bruce IP1
> host database bruce IP1
>
> in the old system, I could make both password based, so that altho both
> bruce's were looking to come from the same IP, only the one with the right
> password could connect, so Client on IP1's bruce wouldn't be able to look
> in Client on IP2's database, since he wouldn't have the required password
> to connect ...
>
> > I assume it would be MD5?
>
> I've been using DES, but MD5 would work too ...
OK, I have one idea. Right now the file format for usernames can be:
user, user, "user"
or
user user "user"
or
user
user
"user"
so we don't really have columns in the file. What we could do is to
allow the username to be specified as "user:pass" and the "pass" could
be in plaintext or md5. You could actually specify the "pass" in
pg_hba.conf or in a secondary file. The code currently makes no
distinction between them.
This does make the code a little more complex, but it is documenting
this that be cause the most confusion.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
From | Date | Subject | |
---|---|---|---|
Next Message | Hannu Krosing | 2002-07-30 16:06:57 | Re: creating aggregates that work on composite types |
Previous Message | Thomas Lockhart | 2002-07-30 15:43:26 | Re: Hex literals |