Skip site navigation (1) Skip section navigation (2)

Re: Open 7.3 items

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
Cc: Ron Snyder <snyder(at)roguewave(dot)com>,Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Open 7.3 items
Date: 2002-08-01 02:37:31
Message-ID: 200208010237.g712bVM19193@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Marc G. Fournier wrote:
> On Wed, 31 Jul 2002, Bruce Momjian wrote:
> 
> > Ron Snyder wrote:
> > > >
> > > > Yes, is that your pg_hba.conf line?  'password' is insecure over
> > > > networks you don't trust.
> > >
> > > Yes, we're using 'password password' in our pg_hba.conf file.  I trust my
> > > network (so far).
> >
> > That is another major limitation to secondary password files.  In fact,
> > md5 will not even work because we assume the username is used as the
> > salt for the md5 encryption.  We don't store the salt as part of the
> > encrypted password like crypt does.
> >
> > This was another reason secondary password files were discouraged.
> 
> discouraged??  where? :)

Well. I meant that they had very limited usefulness. You had to trust
your network.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

Responses

pgsql-hackers by date

Next:From: Marc G. FournierDate: 2002-08-01 02:44:33
Subject: Re: Open 7.3 items
Previous:From: Marc G. FournierDate: 2002-08-01 02:26:10
Subject: Re: Trimming the Fat, Part Deux ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group