On Wed, Jul 11, 2001 at 01:00:42PM -0400, Bruce Momjian wrote:
> > * HMAC - Wrap all postgres data in an HMAC (I believe this requires an
> > plaintext-like password on the server as does crypt and the double
> > crypt scheme)
>
> No, double-crypt has the passwords stored encrypted.
You missed my point. If I can get hold of the encrypted password in
the database, I can hack up a client library to use the encrypted
password to log in. Therefore, encrypting the password in pg_shadow
offers no advantage.
> > * Public Key (RSA/DSA) - Use public key cryptography to negotiate a
> > connection. (When I'm not busy, I may decide to do this myself)
>
> SSL?
I'd use the OpenSSL libraries to implement it, but we're talking about
public key authentication here, not connection encryption.
--
Michael Samuel <michael@miknet.net>