RE: [HACKERS] Updated TODO list
От | John Ridout |
---|---|
Тема | RE: [HACKERS] Updated TODO list |
Дата | |
Msg-id | 001501becc6c$bf00fd80$0301010a@johnridout обсуждение исходный текст |
Ответ на | Re: [HACKERS] Updated TODO list (Bruce Momjian <maillist@candle.pha.pa.us>) |
Ответы |
Re: [HACKERS] Updated TODO list
|
Список | pgsql-hackers |
I'm using 6.4 so you may want to ignore everything I say. I created a new user with create db and create user permission. With said new user I "select * from pg_shadow". Is that right? John. > > > I can "select * from pgshadow" as the database owner. > > Are you saying you can do this as a database owner, not the postgres > user? I just tried it, and was not able to see the table contents: > > xx=> select * from pg_shadow; > ERROR: pg_shadow: Permission denied. > > Yes, only the installation owner can do that. No way to do > password stuff > unless the 'postgres' user can access the passwords, righ? Is that a > problem? > > > > > -----Original Message----- > > > From: owner-pgsql-hackers@postgreSQL.org > > > [mailto:owner-pgsql-hackers@postgreSQL.org]On Behalf Of > Bruce Momjian > > > Sent: 09 July 1999 17:41 > > > To: Hannu Krosing > > > Cc: Gene Sokolov; PostgreSQL-development > > > Subject: Re: [HACKERS] Updated TODO list > > > > > > > > > > > But we don't, do we? I thougth they were hashed. > > > > > > > > do > > > > select * from pg_shadow; > > > > > > > > I think that it was agreed that it is better when they > > > can't bw snatched > > > > from > > > > network than to have them hashed in db. > > > > Using currently known technologies we must either > either know the > > > > original password > > > > and use challenge-response on net, or else use plaintext > > > (or equivalent) > > > > on the wire. > > > > > > Yes, I remember now, we hash them with random salt before > sending them > > > to the client, and they are only visible to the postgres user. > > > > > > -- > > > Bruce Momjian | http://www.op.net/~candle > > maillist@candle.pha.pa.us | (610) 853-3000 > > + If your life is a hard drive, | 830 Blythe Avenue > > + Christ can be your backup. | Drexel Hill, > > Pennsylvania 19026 > > > > > > -- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
В списке pgsql-hackers по дате отправления: