Skip site navigation (1) Skip section navigation (2)

Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5

From: Alvaro Herrera <alvherre(at)dcc(dot)uchile(dot)cl>
To: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>,PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: [BUGS] BUG #1134: ALTER USER ... RENAME breaks md5
Date: 2004-04-27 18:57:14
Message-ID: 20040427185714.GA3078@dcc.uchile.cl (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-patches
On Tue, Apr 27, 2004 at 09:37:50AM +0200, Fabien COELHO wrote:

> Even of the salt is based on the login, the point is that it is stored
> separatly, so the system does not rely on the login string to check the
> password.
> 
> The only other scheme which requires the user password somehow is the HTTP
> digest authentification, and AFAIK no one in the world uses it;-)

I think (some of the) SASL authentication mechanisms also use a digest
of the user and password, if that's what you meant.  But the username
and password have to be stored separately on the server anyway, just
like HTTP digest -- they are means of hiding it on the wire, not on
disk.

-- 
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"El miedo atento y previsor es la madre de la seguridad" (E. Burke)

In response to

pgsql-bugs by date

Next:From: Jim C. NasbyDate: 2004-04-27 19:05:29
Subject: pg_autovacuum reltuples bug
Previous:From: Nicholas HowellDate: 2004-04-27 14:34:38
Subject: Query producing the wrong results?

pgsql-patches by date

Next:From: Bruce MomjianDate: 2004-04-27 19:50:53
Subject: Thread test improvement
Previous:From: Thomas HallgrenDate: 2004-04-27 17:43:42
Subject: Patch for GUC custom variables

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group