Re: Encrypting pg_shadow passwords
| От | Tom Lane |
|---|---|
| Тема | Re: Encrypting pg_shadow passwords |
| Дата | |
| Msg-id | 24433.992615659@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Encrypting pg_shadow passwords (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Ответы |
Re: Encrypting pg_shadow passwords
|
| Список | pgsql-hackers |
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> I think the script idea may be best but it will have to be saved
> somewhere so once you run it all future password changes are encrypted
> in pg_shadow.
More to the point, how does the postmaster know that it's now dealing
with encrypted passwords and must use the double-salt auth method?
Seems to me that this is not a simple matter of changing the data in one
column of pg_shadow.
The thing I like about a configure option is that when it's in place you
know it's in place. No question of whether some rows of pg_shadow
managed to escape being updated, or any silliness like that. Your point
about "they think they are safe but they are not" seems relevant here.
regards, tom lane
В списке pgsql-hackers по дате отправления: