Quick Links

Re: Re: Proposal for encrypting pg_shadow passwords

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc:	Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject:	Re: Re: Proposal for encrypting pg_shadow passwords
Date:	2001-08-16 13:38:08
Message-ID:	9419.997969088@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-patches

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> OK, patch attached. Pretty nifty. Try MD5 first, and if it fails, try
> crypt.

What???

Where did *that* idea come from? If I'm using the new auth method
because I don't think the old one is secure, I sure as heck don't want
an old (or deliberately-broken) client to cause a fallback to a less
secure method.

If MD5 is specified in the config file, and the client doesn't support
it, then you *fail*. Full stop.

regards, tom lane

In response to

Re: Re: Proposal for encrypting pg_shadow passwords at 2001-08-16 04:26:02 from Bruce Momjian

Responses

Re: Re: Proposal for encrypting pg_shadow passwords at 2001-08-16 13:43:17 from Bruce Momjian
Re: Re: Proposal for encrypting pg_shadow passwords at 2001-08-16 13:56:24 from Bruce Momjian

Browse pgsql-patches by date

	From	Date	Subject
Next Message	Bruce Momjian	2001-08-16 13:43:17	Re: Re: Proposal for encrypting pg_shadow passwords
Previous Message	Bruce Momjian	2001-08-16 13:29:39	Re: Patch for JDBC to update some comments