Skip site navigation (1) Skip section navigation (2)

Re: Re: Encrypting pg_shadow passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Frank Ch(dot) Eigler" <fche(at)redhat(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Re: Encrypting pg_shadow passwords
Date: 2001-06-27 15:34:34
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
"Frank Ch. Eigler" <fche(at)redhat(dot)com> writes:
> Having scanned over the discussion again, my understanding is that Jim's
> proposed changes don't affect backwards compatibility.  As long as user
> passwords continue to be passed in plaintext to the server, the server
> can store encrypted passwords in the authentication table.

The 'passwd' mode wouldn't be affected, but the 'crypt' mode would be;
it would become less secure than it is now, because the server would be
forced to send the same salt always, and so a captured encrypted
password would be just as useful as a captured plaintext one.  That's
the step backwards.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Tom LaneDate: 2001-06-27 15:40:12
Subject: Re: Re: 7.2 items
Previous:From: Alex PilosovDate: 2001-06-27 15:31:09
Subject: Re: functions returning records

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group