From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Thom Brown <thom(at)linux(dot)com> |
Cc: | Josh Kupershmidt <schmiddy(at)gmail(dot)com>, Machiel Richards <machielr(at)rdc(dot)co(dot)za>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Postgresql security checks |
Date: | 2010-09-07 23:26:05 |
Message-ID: | 201009072326.o87NQ5l03271@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Thom Brown wrote:
> > It is documented here:
> >
> > ? ? ? ?http://www.postgresql.org/docs/9.0/static/encryption-options.html
> > ? ? ? ?17.7. Encryption Options
> > ? ? ? ?Encrypting Passwords Across A Network
> >
> > ? ? ? ? ? ?The MD5 authentication method double-encrypts the password on the
> > ? ? ? ?client before sending it to the server. It first MD5-encrypts it based
> > ? ? ? ?on the user name, and then encrypts it based on a random salt sent by
> > ? ? ? ?the server when the database connection was made. It is this
> > ? ? ? ?double-encrypted value that is sent over the network to the server.
> > ? ? ? ?Double-encryption not only prevents the password from being discovered,
> > ? ? ? ?it also prevents another connection from using the same encrypted
> > ? ? ? ?password to connect to the database server at a later time.
>
> The difference with that is that it's talking about how passwords are
> protected by a form of encryption when sent across a connection rather
> than how they're stored in a database.
Yes, you are right. Should this be documented? Where?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2010-09-08 01:56:00 | Re: Raw Device Support |
Previous Message | Thom Brown | 2010-09-07 23:13:53 | Re: Postgresql security checks |