Re: md5 passwords and pg_shadow

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Neil Conway <nconway(at)klamath(dot)dyndns(dot)org>
Cc: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>,pgsql-hackers(at)postgresql(dot)org
Subject: Re: md5 passwords and pg_shadow
Date: 2002-04-25 17:32:27
Lists: pgsql-hackers

Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> writes:
> IMHO, there are two separate processes going on here:

The connection you are missing is that hashed password storage is
incompatible with crypt-style password transmission.  If we force
hashed storage then the only password transmission style available
to pre-7.2 clients is cleartext.  It's not at all clear that securing
the on-disk representation is a more important goal than wire security.
(Perhaps it is for some cases, but in other cases it's surely not.)
So the parameter variable is there to let the DBA choose which he's
more worried about.

We should probably change the default setting for 7.3, but I don't
think we'll be able to force hashed storage of passwords in all
installations for awhile longer yet.

			regards, tom lane
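
The constraint described in this message, sketched as an added example (it is not part of the original e-mail and is not PostgreSQL source code): with the password stored as "md5" + md5(password || username), the server can still verify an md5 challenge response or a cleartext password, but not a crypt-style response. Assumptions: `crypt_standin` is a SHA-256 stand-in for crypt(3), and the user name, password and salts used in testing are constructed.

```python
import hashlib
import hmac

PRE_72_CLIENT = ("crypt", "password")   # methods an old client can speak

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def hashed_storage(user: str, password: str) -> str:
    # Hashed on-disk form: "md5" + md5(password || username), 35 chars.
    return "md5" + md5_hex((password + user).encode())

def is_hashed(stored: str) -> bool:
    return len(stored) == 35 and stored.startswith("md5")

def md5_response(user: str, password: str, salt: bytes) -> str:
    # Client side of md5 auth: "md5" + md5(md5(password || username) || salt).
    inner = md5_hex((password + user).encode())
    return "md5" + md5_hex(inner.encode() + salt)

def crypt_standin(password: str, salt: bytes) -> str:
    # Assumption: SHA-256 stands in for crypt(3); only the shape matters here,
    # a salted one-way function that takes the cleartext password as input.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def verify(method, stored, user, salt, response):
    """Server-side check. Returns True/False, or None if it cannot be done."""
    hashed = is_hashed(stored)
    if method == "md5":
        inner = stored[3:] if hashed else md5_hex((stored + user).encode())
        expected = "md5" + md5_hex(inner.encode() + salt)
    elif method == "crypt":
        if hashed:
            return None  # crypt(password, salt) needs the cleartext password
        expected = crypt_standin(stored, salt)
    elif method == "password":  # cleartext on the wire
        expected = stored
        if hashed:
            response = hashed_storage(user, response)
    else:
        raise ValueError(method)
    return hmac.compare_digest(expected.encode(), response.encode())

def usable_methods(stored, client_methods):
    # Methods from the client's list that the server can still verify.
    return [m for m in client_methods
            if verify(m, stored, "", b"", "") is not None]
```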
