| From: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Ron Snyder <snyder(at)roguewave(dot)com>, Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Open 7.3 items |
| Date: | 2002-08-01 01:50:34 |
| Message-ID: | 20020731225017.Q83339-100000@mail1.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 31 Jul 2002, Bruce Momjian wrote:
> Ron Snyder wrote:
> > >
> > > Yes, is that your pg_hba.conf line? 'password' is insecure over
> > > networks you don't trust.
> >
> > Yes, we're using 'password password' in our pg_hba.conf file. I trust my
> > network (so far).
>
> That is another major limitation to secondary password files. In fact,
> md5 will not even work because we assume the username is used as the
> salt for the md5 encryption. We don't store the salt as part of the
> encrypted password like crypt does.
>
> This was another reason secondary password files were discouraged.
discouraged?? where? :)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2002-08-01 02:06:07 | Re: Trimming the Fat, Part Deux ... |
| Previous Message | Marc G. Fournier | 2002-08-01 01:48:56 | Re: Open 7.3 items |