From: | Michael Graff <explorer(at)flame(dot)org> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | M(dot)Boekhold(at)ET(dot)TUDelft(dot)NL, pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org, pgsql-patches(at)postgreSQL(dot)org |
Subject: | Re: [PATCHES] Re: [HACKERS] User authentication bug? |
Date: | 1998-08-02 19:54:57 |
Message-ID: | v6d8ajw44u.fsf@kechara.lh.vix.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-interfaces |
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> With the attached patch, I have verified that long (> 8char anyway)
> usernames and passwords work correctly in both "password" and "crypt"
> authorization mode. NOTE: at least on my machine, it seems that the
> crypt() routines ignore the part of the password beyond 8 characters,
> so there's no security gain from longer passwords in crypt auth mode.
> But they don't fail.
Which is why postgres should use MD5, salted with the username, as a
password one-way hash. :)
--Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 1998-08-02 22:40:28 | Re: [INTERFACES] Re: [HACKERS] User authentication bug? |
Previous Message | Thomas G. Lockhart | 1998-08-02 13:56:17 | Re: follow up Re: [HACKERS] SPI_connect always fails. |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 1998-08-02 22:40:28 | Re: [INTERFACES] Re: [HACKERS] User authentication bug? |
Previous Message | Tom Lane | 1998-08-02 19:33:37 | Re: [INTERFACES] psqlodbc |