On Fri, 5 May 2000, The Hermit Hacker wrote:
> You've lost me here ... the only person(s) that can get at those passwords
> are those that have compromised the system already. Even if the passwords
> *weren't* in cleartext, there is nothing that stops me from downloading
> the data/* directory down to my computer and running pg_upgrade to "make
> it my own", removing the passwords ...
You don't get it. It's one of the most basic things about security of the
password databases: Cleartext must not be available for anyone, not even
the administrators. The damage one can do with a list of 10000 passwords
far exceeds the damage you can do to the database which contains these
passwords. Why? Because people tend to use the same password everywhere.
(Yes, I know that they shouldn't, however, you must take good care of
the passwords users entrusted to you).
There is no excuse for not storing it as a hash or at least in the crypt(3)
way.
-alex