Skip site navigation (1) Skip section navigation (2)

Re: Postgres y jdbc

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Edgar Enriquez <edgarpostgres(at)yahoo(dot)es>
Cc: lista postgres <pgsql-es-ayuda(at)postgresql(dot)org>
Subject: Re: Postgres y jdbc
Date: 2008-06-29 23:36:00
Message-ID: 20080629233600.GB5668@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-es-ayuda
Edgar Enriquez escribió:
> La pregrunta es si es posible de enviar md5 en una cadena de conección
> con postgresql-8.2-508.jdbc4?

No entiendo la pregunta.  Si el servidor especifica el método md5 en
pg_hba.conf, entonces el envío se hará en md5, independiente de cómo la
pongas en el código fuente.  (A diferencia del método password en
pg_hba.conf, que hace que la password se envíe en texto sin cifrar)

Dice la documentación:
http://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
md5

    Require the client to supply an MD5-encrypted password for
    authentication. See Section 21.2.2 for details. 

password

    Require the client to supply an unencrypted password for
    authentication. Since the password is sent in clear text over the
    network, this should not be used on untrusted networks. It also does
    not usually work with threaded client applications. See Section
    21.2.2 for details. 


La sección 21.2.2 es
http://www.postgresql.org/docs/8.3/static/auth-methods.html#AUTH-PASSWORD
que dice lo siguiente:

	The password-based authentication methods are md5, crypt, and
	password.  These methods operate similarly except for the way
	that the password is sent across the connection: respectively,
	MD5-hashed, crypt-encrypted, and clear-text. A limitation is
	that the crypt method does not work with passwords that have
	been encrypted in pg_authid.

	If you are at all concerned about password "sniffing" attacks
	then md5 is preferred, with crypt to be used only if you must
	support pre-7.2 clients. Plain password should be avoided
	especially for connections over the open Internet (...)

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

In response to

pgsql-es-ayuda by date

Next:From: Juan Carlos Badillo GoyDate: 2008-06-29 23:51:13
Subject: Re: [OT] Cubanos en la lista
Previous:From: Reynier Perez MiraDate: 2008-06-29 23:20:02
Subject: RE: [OT] Cubanos en la lista

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group