| From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Jim Mercer <jim(at)reptiles(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Encrypting pg_shadow passwords |
| Date: | 2001-06-25 06:07:53 |
| Message-ID: | 3.0.5.32.20010625140753.008449d0@192.228.128.13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At 12:20 AM 26-06-2001 -0400, Bruce Momjian wrote:
>>
>> at this point in time, i do not see a method of doing that without my mods
>> or using external password files.
>
>We will do double-crypt and everyone will be happy, right?
Wow optimistic :).
>> if the API as above existed, then i would be happy to see "password" go
away
>> (although it should be depreciated to a --enable option, otherwise you are
>> going to ruin a bunch of existing code).
>
>Who is using it? We can continue to allow it but at some point there is
>no purpose to it unless you have clients that are pre-7.2. Double-crypt
>removes the use for it, no?
I'm using "password".
If I feel that the wire isn't safe I'll use SSL.
Cheerio,
Link.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Barry Lind | 2001-06-25 06:08:33 | Re: [HACKERS] JDBC adaptor issue |
| Previous Message | Bruce Toback | 2001-06-25 05:55:40 | Re: JDBC adaptor issue |