Re: Password encryption method

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Andrus <kobruleht2(at)hot(dot)ee>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Password encryption method
Date: 2007-01-22 16:25:33
Message-ID: 20070122162533.GA12223@wolff.to
Lists: pgsql-general

On Sun, Jan 21, 2007 at 15:16:37 +0200,
Andrus <kobruleht2(at)hot(dot)ee> wrote:
>
> >No, the tables would be on the server, the same as was already being done.
> >Using a separate table makes it more future proof.
>
> To access tables in server, you need to login into server.
> To login into server, you need postgresql user name and password sent by
> client and thus stored in client computer.
>
> It is possible to obtain this information from client computer and use it
> for unauthorized access to data.

This is the same problem as checking the password versus the native (to
postgres) password hashes. I suggested having private tables as an alternative
to that in order for the OP to not have problems with future upgrades, which
was the original question.

I didn't give an opinion on whether or not the whole approach was a good
idea or not, since there wasn't enough detail in the original question.
