Re: Re: Proposal for encrypting pg_shadow passwords

On Wed, 15 Aug 2001, Bruce Momjian wrote:

> > > That is from Vince's code, I think. Can you suggest a fix?
> > >
> > > > What's your rush? Is there a deadline now?
> > >
> > > I want to do SCM patch, then write presentation for LinuxWorld, and go
> > > to Linuxworld. Then we are at the end of August. Also, people need to
> > > do the Java MD5 code, and if I want that before we start 7.2 beta, I
> > > feel rushed.
> >
> > Interesting... When I first put together a test version of the md5
> > stuff and asked this list to check it out on as many platforms as
> > possible I got one or two responses. I now know the only way to get
> > more than a couple of responses is to threaten the code be committed. :(
>
> Yep. The cool part is that people are already using it (or at least
> compiling it).
>
> I am making good progress on the SCM credentials stuff now. It will
> work on FreeBSD and BSD/OS and hopefully others. This, with clarified
> pg_hba.conf, and the encrypted pg_shadow stuff should make our
> authentication more secure in 7.2. I never liked that TRUST option.
>
> Vince, I can't figure out how that pgcrypto API for MD5. I have to
> strip out the general stuff, and when I do, do I leave MD5 stuff in
> pgcrypto. Confusing.

I've never looked at pgcrypto, unfortunately it'll be a week or two
before I can even think about it (unless this weekend takes the ugly
turn it's trying so hard to take!).

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================