| From: | Sevo Stille <sevo(at)ip23(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Philip Warner <pjw(at)rhyme(dot)com(dot)au>, Vince Vielhaber <vev(at)michvhf(dot)com>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Hannu Krosing <hannu(at)tm(dot)ee>, The Hermit Hacker <scrappy(at)hub(dot)org>, "Sverre H(dot) Huseby" <sverrehu(at)online(dot)no>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: So we're in agreement.... |
| Date: | 2000-05-09 11:44:39 |
| Message-ID: | 3917FA27.EA1AAD09@ip23.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Tom Lane wrote:
> One possibility that comes to mind is that we store MD5(MD5(password))
> in pg_shadow, and expect the client to transmit MD5(password).
> Of course that needs a cloaking scheme if you want to protect against
> password sniffing, but offhand it seems that the same scheme Ben Adida
> proposed should still work...
That would be pretty close to the RFC 2617 Digest Authentication. Why
don't we use that? Using a existing, widespread standard is good in
terms of portability, and saves on validating the principal algorithm.
Sevo
--
sevo(at)ip23(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2000-05-09 12:44:16 | Re: USMARC and postgresql? |
| Previous Message | Patrick FICHE | 2000-05-09 09:42:58 | Physical data storage |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2000-05-09 12:20:00 | Re: 7.0 key features |
| Previous Message | Magnus Hagander | 2000-05-09 07:50:18 | RE: You're on SecurityFocus.com for the cleartext passw ords. |