Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Поиск
Список
Период
Сортировка
От D. Dante Lorenso
Тема Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Дата
Msg-id 01bd3d61$66905920$3a151ecf@redhat.afai.com
обсуждение исходный текст
Ответы Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Список pgsql-hackers
Дерево обсуждения 
Crypt sounds good.  I like that Idea.  I also use the unix crypt
function to password protect httpd.

Right now this is done with PERL doing the encryption and sticking
it into the database in a char field.  Then, another prog dumps
the passwords periodically into the httpd password file.

This would allow me to export the crypted passwords to the webserver
as well?  It would be convenient to be able to use the same password
in both places.

------- OTHER WISE ---- CAN WE STEAL IDEAS FROM OTHERS? --------

I'm also running MySQL (trying to switch to PG, but waiting for ODBC
to catch up), I like the mysql feature of inserting passords by:

    insert into user (host,user,password)
    values ("domain.com","dlorenso",password('psswrd');

then if I

    select (host,user,password) * from user;

I will get something like:

...
| domain.com | dlorenso | 2cfcb63e23e2d463 |
...

Dante


.------------------------------------------.-----------------------.
|  _ dlorenso@afai.com - D. Dante Lorenso  | Network Administrator |
| | |    ___  _ _  ___  __ _  ___  ___     |                       |
| | |__ / o \| '_|/ o_\|  \ |\_ _\/ o \    | Accounting Firms      |
| |____|\___/|_|  \___/|_|\_|\___|\___/    | Associated, inc.      |
| http://www.afai.com/~dlorenso            | http://www.afai.com/  |
'------------------------------------------'-----------------------'
-----Original Message-----
From: Brett McCormick <brett@work.chicken.org>
To: Jan Wieck <jwieck@debis.com>
Cc: Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>;
pgsql-hackers@hub.org <pgsql-hackers@hub.org>
Date: Thursday, February 19, 1998 12:53 PM
Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)


>
>Have we considering using the unix crypt function for passwords?  That
>way it wouldn't matter (as much) if people saw the password, and would
>still be (somewhat less) secure.
>
>On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
>
>>     Cracked!
>>
>>     create table get_passwds (usename name, passwd text);
>>     insert into get_passwds select usename, passwd from pg_user;
>>     select * from get_passwds;
>>     usename|passwd
>>     -------+------
>>     pgsql  |
>>     wieck  |test
>>     (2 rows)
>>
>>
>>
>> Sorry, Jan
>>
>> --
>>
>> #======================================================================#
>> # It's easier to get forgiveness for being wrong than for being right. #
>> # Let's break this rule - forgive me.                                  #
>> #======================================== jwieck@debis.com (Jan Wieck) #
>>
>>
>

В списке pgsql-hackers по дате отправления: