Re: Re: Encrypting pg_shadow passwords
From | michael@miknet.net (Michael Samuel)
---|---
Subject | Re: Re: Encrypting pg_shadow passwords
Date | 
Msg-id | 20010711132453.A30967@miknet.net
In reply to | Re: Encrypting pg_shadow passwords (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses | Re: Re: Encrypting pg_shadow passwords; Re: Re: Encrypting pg_shadow passwords
List | pgsql-hackers
On Tue, Jun 26, 2001 at 11:02:15AM -0400, Bruce Momjian wrote:

> This is the first time I am hearing people are more concerned about
> pg_shadow security than the wire security. I can see cases where people
> are on secure networks or are using only local users where having
> pg_shadow encrypted is more important than crypt authentication.
> Fortunately the new system will solve both problems.

The crypt authentication currently used offers _no_ security. If I can sniff on the wire, I can hijack the TCP stream, and trick the client into doing password authentication.

Also, the double crypt authentication offers no advantage over the wire. You're better off just doing an md5crypt() on the server side, and just passing the password in the clear. At least you're not confusing users into thinking that they're secure.

Of course, SSL *if done correctly with certificate verification* is the correct fix. If no certificate verification is done, you fall victim to a man-in-the-middle attack.

--
Michael Samuel <michael@miknet.net>
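As an added example (not from this thread or from PostgreSQL itself), a small Python check for the closing point above: SSL only fixes the man-in-the-middle problem when the client verifies the server certificate. It uses libpq's documented sslmode values (verify-ca/verify-full were added well after this 2001 message); the conninfo parser and the finding strings are this example's own.

```python
"""Audit and harden a libpq-style conninfo string for certificate verification."""
import shlex

# libpq sslmode semantics: only verify-ca and verify-full check the server
# certificate chain, and only verify-full also matches the host name.
VERIFYING_MODES = {"verify-ca", "verify-full"}


def parse_conninfo(conninfo: str) -> dict:
    """Parse 'key=value key='quoted value'' into a dict (shlex approximates libpq quoting)."""
    params = {}
    for token in shlex.split(conninfo):
        key, sep, value = token.partition("=")
        if not sep:
            raise ValueError(f"malformed conninfo token: {token!r}")
        params[key.strip()] = value
    return params


def audit_tls(conninfo: str) -> list:
    """Return findings about server authentication; an empty list means verified."""
    params = parse_conninfo(conninfo)
    mode = params.get("sslmode", "prefer")  # libpq's default is 'prefer'
    findings = []
    if mode not in VERIFYING_MODES:
        # disable/allow/prefer/require: encryption at best, but any server
        # presenting any certificate is accepted, so an active MITM succeeds.
        findings.append(f"sslmode={mode}: server certificate is not verified")
    elif mode == "verify-ca":
        findings.append("sslmode=verify-ca: chain checked but host name is not; use verify-full")
    if mode in VERIFYING_MODES and "sslrootcert" not in params:
        findings.append("no sslrootcert: relies on the default ~/.postgresql/root.crt")
    return findings


def harden(conninfo: str, root_cert: str) -> str:
    """Rewrite the conninfo so the client pins a CA and verifies name and chain."""
    params = parse_conninfo(conninfo)
    params["sslmode"] = "verify-full"
    params["sslrootcert"] = root_cert
    return " ".join(f"{k}={shlex.quote(v)}" for k, v in params.items())


if __name__ == "__main__":
    weak = "host=db.example user=app sslmode=require"  # constructed sample
    print(audit_tls(weak))
    print(audit_tls(harden(weak, "/etc/pg/root.crt")))
```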