Re: How passwords can be crypted in postgres?
From | |
---|---|
Subject | Re: How passwords can be crypted in postgres? |
Date | |
Msg-id | 20010102205022.18262.qmail@mailhost.sidereal.kz |
In reply to | Re: How passwords can be crypted in postgres? (Jens Hartwig <jhartwig@debis.com>) |
List | pgsql-general |

> If you encrypt the input from the frontend as well and compare the
> encrypted strings it will not help you to look into the list of
> encrypted passwords ... or am I wrong?

If you encrypt the input from the frontend, then someone who had the encrypted passwords and could hack into the front end would be able to control the situation. If someone could hack into the backend and change encrypted passwords, he would have control.

Really, we're talking about shared secrets here, and if the secrecy of the shared secret is violated, there's nothing you can do. Public key would be better because you don't have to worry about secrecy, only about it never changing. You could achieve this with some kind of physical medium, like writing private keys to a write-once medium of some kind.

Btw, speaking of encrypting, I HOPE a future version of PG will have SHA1 in addition to MD5. No one should be using MD5 anymore.
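
The design question in this exchange, whether the stored value itself can serve as the credential, can be checked directly; the following is an added example, not part of the original message or of PostgreSQL. The class names, the sample password, and the use of SHA-256 and PBKDF2 as stand-ins for the "encrypted password" are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential, for illustration only.
PASSWORD = "correct horse"


def h(data: bytes) -> bytes:
    """Unsalted digest standing in for the 'encrypted password' of the thread."""
    return hashlib.sha256(data).digest()


class CompareHashesServer:
    """Frontend hashes the input; backend compares it with the stored hash."""

    def __init__(self, password: str):
        self.stored = h(password.encode())

    def login(self, value_from_frontend: bytes) -> bool:
        return hmac.compare_digest(value_from_frontend, self.stored)


class HashOnServer:
    """Frontend sends the password; backend derives a salted hash itself."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = self._derive(password.encode())

    def _derive(self, secret: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret, self.salt, 100_000)

    def login(self, value_from_frontend: bytes) -> bool:
        candidate = self._derive(value_from_frontend)
        return hmac.compare_digest(candidate, self.stored)


def stored_value_is_password_equivalent(server) -> bool:
    """True if presenting the stored column value itself passes login."""
    return server.login(server.stored)


if __name__ == "__main__":
    for cls in (CompareHashesServer, HashOnServer):
        print(cls.__name__, stored_value_is_password_equivalent(cls(PASSWORD)))
```

In both designs the password remains a shared secret between user and backend; the check only shows whether the stored column adds a second one.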