Re: md5 passwords and pg_shadow

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>
Cc: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: md5 passwords and pg_shadow
Date: 2002-04-25 17:32:27
Message-ID: 3419.1019755947@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> writes:
> IMHO, there are two separate processes going on here:

The connection you are missing is that hashed password storage is
incompatible with crypt-style password transmission. If we force
hashed storage then the only password transmission style available
to pre-7.2 clients is cleartext. It's not at all clear that securing
the on-disk representation is a more important goal than wire security.
(Perhaps it is for some cases, but in other cases it's surely not.)
So the parameter variable is there to let the DBA choose which he's
more worried about.

We should probably change the default setting for 7.3, but I don't
think we'll be able to force hashed storage of passwords in all
installations for awhile longer yet.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2002-04-25 17:37:20 Re: md5 passwords and pg_shadow
Previous Message F Harvell 2002-04-25 17:30:34 Re: non-standard escapes in string literals