Re: You're on SecurityFocus.com for the cleartext passwords.

From Tom Lane
Subject Re: You're on SecurityFocus.com for the cleartext passwords.
Date
Msg-id 12190.957651174@sss.pgh.pa.us
In reply to Re: You're on SecurityFocus.com for the cleartext passwords.  (Benjamin Adida <ben@mit.edu>)
Responses Re: You're on SecurityFocus.com for the cleartext passwords.  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Benjamin Adida <ben@mit.edu> writes:
> I think it's overkill to impose SSL for everything.

Agreed, and in any case we are not going to require people to install
SSL before they can use Postgres.  It's an appropriate tool for some
people to use depending on what their security situation is.

I think we are converging on a plan that involves switching from crypt
to MD5 as our password-hashing algorithm, so given that we are going to
need a client upgrade anyway, we can throw in the double hashing (two
salt) method you proposed without any extra pain.  Might as well protect
the password against sniffing if we can...
        regards, tom lane
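
A sketch of the kind of two-salt double hashing mentioned in the message above, added here as an example; it is not part of the original post and not PostgreSQL's code. The construction is an assumption, since the proposal itself is not quoted in this message: one salt is fixed per account and goes into the stored hash, the other is a fresh per-connection challenge, and all function names are hypothetical.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(password: str, stored_salt: bytes) -> str:
    """First hash: what the server keeps instead of the cleartext password."""
    return md5_hex(password.encode() + stored_salt)


def client_response(password: str, stored_salt: bytes, session_salt: bytes) -> str:
    """Second hash: the only value the client sends over the wire."""
    inner = stored_verifier(password, stored_salt)
    return md5_hex(inner.encode() + session_salt)


def server_check(verifier: str, session_salt: bytes, response: str) -> bool:
    """Server recomputes the second hash from its stored verifier."""
    expected = md5_hex(verifier.encode() + session_salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = "correct horse"   # constructed sample value
    stored_salt = b"alice"       # constructed; assumed fixed per account
    verifier = stored_verifier(password, stored_salt)

    # Each connection gets its own random challenge from the server.
    first, second = os.urandom(8), os.urandom(8)
    sniffed = client_response(password, stored_salt, first)

    return {
        "login_ok": server_check(verifier, first, sniffed),
        # A response captured on one connection does not answer the next
        # challenge, which is the protection against sniffing.
        "replay_ok": server_check(verifier, second, sniffed),
    }


# Caveat: the stored verifier is the only secret input to the second hash,
# so the server must protect it as carefully as a password.
if __name__ == "__main__":
    print(demo())
```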

