RE: [HACKERS] Updated TODO list
От | John Ridout |
---|---|
Тема | RE: [HACKERS] Updated TODO list |
Дата | |
Msg-id | 000301becc46$4e80e640$0301010a@johnridout обсуждение исходный текст |
Ответ на | Re: [HACKERS] Updated TODO list (Bruce Momjian <maillist@candle.pha.pa.us>) |
Ответы |
Re: [HACKERS] Updated TODO list
Re: [HACKERS] Updated TODO list |
Список | pgsql-hackers |
I can "select * from pgshadow" as the database owner. > -----Original Message----- > From: owner-pgsql-hackers@postgreSQL.org > [mailto:owner-pgsql-hackers@postgreSQL.org]On Behalf Of Bruce Momjian > Sent: 09 July 1999 17:41 > To: Hannu Krosing > Cc: Gene Sokolov; PostgreSQL-development > Subject: Re: [HACKERS] Updated TODO list > > > > > But we don't, do we? I thougth they were hashed. > > > > do > > select * from pg_shadow; > > > > I think that it was agreed that it is better when they > can't bw snatched > > from > > network than to have them hashed in db. > > Using currently known technologies we must either either know the > > original password > > and use challenge-response on net, or else use plaintext > (or equivalent) > > on the wire. > > Yes, I remember now, we hash them with random salt before sending them > to the client, and they are only visible to the postgres user. > > -- > Bruce Momjian | http://www.op.net/~candle > maillist@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, > Pennsylvania 19026 > >
В списке pgsql-hackers по дате отправления: