| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Password encryption method |
| Date: | 2007-01-19 14:47:53 |
| Message-ID: | 20070119144753.GD10356@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Jan 19, 2007 at 09:31:49AM +0100, Bertram Scharpf wrote:
> Hi,
>
> looking at the source code I find out that this works:
<snip>
> May I rely on this in future versions or are there more
> sophisticated ways to do it?
Umm, how much more sophisticated do you want? It's more sophicticated
than a standard UNIX password file, for example. For password
authentication the server either needs to be able to verify the
password supplied by the user, and you have the same information the
server does, so you can do it too.
Only superusers have access to pg_authid anyway, and they can already
login as anybody.
If you don't like it, don't use password authentication, there are a
number of other methods.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Darcy Buskermolen | 2007-01-19 14:48:26 | Re: [HACKERS] Autovacuum Improvements |
| Previous Message | Michael Fuhr | 2007-01-19 14:43:48 | Re: Spam from EnterpriseDB? |