Skip site navigation (1) Skip section navigation (2)

Re: [PATCHES] Re: [HACKERS] User authentication bug?

From: Michael Graff <explorer(at)flame(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: M(dot)Boekhold(at)ET(dot)TUDelft(dot)NL, pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org, pgsql-patches(at)postgreSQL(dot)org
Subject: Re: [PATCHES] Re: [HACKERS] User authentication bug?
Date: 1998-08-02 19:54:57
Message-ID: v6d8ajw44u.fsf@kechara.lh.vix.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-interfaces
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:

> With the attached patch, I have verified that long (> 8char anyway)
> usernames and passwords work correctly in both "password" and "crypt"
> authorization mode.  NOTE: at least on my machine, it seems that the
> crypt() routines ignore the part of the password beyond 8 characters,
> so there's no security gain from longer passwords in crypt auth mode.
> But they don't fail.

Which is why postgres should use MD5, salted with the username, as a
password one-way hash.  :)

--Michael

In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 1998-08-02 22:40:28
Subject: Re: [INTERFACES] Re: [HACKERS] User authentication bug?
Previous:From: Thomas G. LockhartDate: 1998-08-02 13:56:17
Subject: Re: follow up Re: [HACKERS] SPI_connect always fails.

pgsql-interfaces by date

Next:From: Tom LaneDate: 1998-08-02 22:40:28
Subject: Re: [INTERFACES] Re: [HACKERS] User authentication bug?
Previous:From: Tom LaneDate: 1998-08-02 19:33:37
Subject: Re: [INTERFACES] psqlodbc

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group