Re: Hashing passwords (was Updated TODO list)

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: Hashing passwords (was Updated TODO list)
Дата
Msg-id 199907091646.MAA01244@candle.pha.pa.us
обсуждение исходный текст
Ответ на Hashing passwords (was Updated TODO list)  ("Gene Sokolov" <hook@aktrad.ru>)
Ответы Re: [HACKERS] Re: Hashing passwords (was Updated TODO list)  (Louis Bertrand <louis@bertrandtech.on.ca>)
Список pgsql-hackers
Дерево обсуждения 
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> From: Bruce Momjian <maillist@candle.pha.pa.us>
> > > > ADMIN
> > > >
> > > How about:
> > > * Not storing passwords in plain text
> >
> > But we don't, do we?  I thougth they were hashed.
> 
> maybe I miss something but it does not look so to me:
> 
> [PostgreSQL 6.5.0 on i386-unknown-freebsd3.2, compiled by gcc 2.7.2.1]
> 
> test1=> select * from pg_shadow;
> usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd|valuntil
> --------+--------+-----------+--------+--------+---------+------+-----------
> -----------------
> postgres|    2000|t          |t       |t       |t        |      |Sat Jan 31
> 09:00:00 2037 MSK
> afmmgr  |    2001|f          |t       |f       |t        |mgrpwd|
> afmusr  |    2002|f          |t       |f       |t        |usrpwd|
> (3 rows)

Yes, I remember now.  We keep them in clear, because we send random
salt-encrypted versions over the wire.  Only Postgresql can read this
table.


--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: [HACKERS] "24" < INT_MIN returns TRUE ???
Следующее
От: Leon
Дата:
Сообщение: Re[2]: [HACKERS] Fwd: Joins and links