From: | Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
Cc: | Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Andreas Pflug <pgadmin(at)pse-consulting(dot)de> |
Subject: | Re: [pgadmin-hackers] Client-side password encryption |
Date: | 2005-12-20 02:09:52 |
Message-ID: | 43A767F0.3020603@familyhealth.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
>>I've already implemented this in phpPgAdmin trivially using the md5()
>>function. I can't be bothered using a C library function :D
>
> IIRC the whole point of this exercise was to avoid passing the password
> to the server in the first place. Unless you are talking about a PHP
> md5() password of course ...
Yes...
However of course in phpPgAdmin the password has already been sent
cleartext to the webserver from your browser, and the database
connection password parameter is still sent in the clear so...
Chris
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-12-20 03:03:29 | Re: Lock issue when trying to vacuum db |
Previous Message | Christopher Kings-Lynne | 2005-12-20 02:08:54 | Re: [pgadmin-hackers] Client-side password encryption |