| From: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
|---|---|
| To: | Daniel Martini <dmartini(at)uni-hohenheim(dot)de> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: libpq: passwords WAS: scripting & psql issues |
| Date: | 2004-08-19 10:14:20 |
| Message-ID: | 1092910460.19932.41.camel@braydb |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, 2004-08-19 at 08:30, Daniel Martini wrote:
> Hello list,
>
> Citing Alvaro Herrera <alvherre(at)dcc(dot)uchile(dot)cl>:
> > The problem here is that the password can't be stored one-way-hash
> > digested, because the cleartext version is needed to be sent to the
> > server.
>
> Actually why this is so has been a question for me for some time now, too.
> Did just nobody have the time / idea to implement support for sending
> hashed passwords to the server, or are there serious difficulties involved
> with this, and I don't see them?
As far as I am aware, crypt and md5 passwords are not sent in cleartext
form. password passwords (?!) are sent clear, but their use is
deprecated.
I think the password can't be stored hash-digested because it has to be
encrypted with a salt established at runtime. If you could just send
the same hash-digested password over and over, it would be no more
secure than a plaintext one.
Oliver Elphick
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Elphick | 2004-08-19 10:17:34 | Re: scripting & psql issues |
| Previous Message | Oliver Elphick | 2004-08-19 10:04:18 | Re: pg_dump feature request: Exclude tables? |