Password thread (was: Re: [HACKERS] Updated TODO list)
От | Louis Bertrand |
---|---|
Тема | Password thread (was: Re: [HACKERS] Updated TODO list) |
Дата | |
Msg-id | Pine.BSO.4.10.9907151657500.11086-100000@tronix.bertrandtech.on.ca обсуждение исходный текст |
Ответ на | Re: [HACKERS] Updated TODO list (Bruce Momjian <maillist@candle.pha.pa.us>) |
Ответы |
Re: Password thread (was: Re: [HACKERS] Updated TODO list)
("Henry B. Hotz" <hotz@jpl.nasa.gov>)
|
Список | pgsql-hackers |
Agreed: over the wire is _very_ important. The question remains: does the pgsql development team want to take on the responsibility of implementing such a scheme at the application layer? There are plenty of very good link/network/transport layer schemes in existence already. You'd just be reinventing. In a benign environment you don't worry about securing the wire (as with protocols like telnet/rlogin, ftp and POP/IMAP). In a more cautious environment, you apply well-known and understood encryption/authentication schemes at a layer below the application (IPsec, SSH, SSL, Java security, Kerberos, and there are plenty in the Microsoft world too). But above all: do not store passwords in cleartext. It makes it ridiculously easy for an attacker to take over user accounts. Let's say they're kiddies who cracked root just by using a widely available exploit, then, for free, they get the rest of the passwords in clear. Bonus! Ciao--Louis <louis@bertrandtech.on.ca> Louis Bertrand http://www.bertrandtech.on.ca Bertrand Technical Services, Bowmanville, ON, Canada Tel: +1.905.623.8925 Fax: +1.905.623.3852 OpenBSD: Secure by default. http://www.openbsd.org/ On Thu, 15 Jul 1999, Bruce Momjian wrote: > > I agree with Gene. Following this discussion, I sense a reluctance to > > implement stronger password schemes because of the extra development > > hassles (compatibility, crypto prohibitions, maintenance). > > > > 1) Divide and conquer: the developers are concerned about both "over the > > wire" and server passwords. I suggest you focus on the server side and > > leave the over the wire security to the DB admin/sys.admin as an > > installation issue. If they choose to use SSL, SSH, IPsec or a home-grown > > authentication handshake, that's of no concern to pgsql. Just think of it > > as a telnet session into the server. > > > > 2) On the server side, use the native crypt(3) by default (or the NT > > equivalent) and store the password hash. The strength of the crypt will > > vary depending on the installation, but that's really up to the choice of > > OS and installation. If someone wants to patch for PAM, Kerberos or > > whatever, that's fine too, as long as you can always revert back to the > > plain old crypt(3). > > > > I disagree. Over the wire seems more important than protecting the > passwords from the eyes of the database administrator, which in _most_ > cases is the system owner anyway. > > -- > Bruce Momjian | http://www.op.net/~candle > maillist@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 > > >
В списке pgsql-hackers по дате отправления: