Re: Encrypting pg_shadow passwords
From | Bruce Momjian |
---|---|
Subject | Re: Encrypting pg_shadow passwords |
Date | |
Msg-id | 200106261503.f5QF3cT06893@candle.pha.pa.us |
In reply to | Re: Encrypting pg_shadow passwords (Jim Mercer <jim@reptiles.org>) |
Responses | Re: Re: Encrypting pg_shadow passwords |
List | pgsql-hackers |

> On Mon, Jun 25, 2001 at 02:34:51PM +0800, Lincoln Yeoh wrote:
> > At 12:51 AM 26-06-2001 -0400, Jim Mercer wrote:
> > >this is not so much an enhancement, but a correction of what i think the
> > >original "password" authentication scheme was supposed to allow.
> >
> > Yep it's a correction. pg_shadow shouldn't have been in plaintext in the
> > first place.
> >
> > host all 127.0.0.1 255.255.255.255 password
> > should have meant check crypted passwords in pg_shadow.
> >
> > Given your suggestion, what happens when someone does an ALTER USER ...
> > WITH PASSWORD ....?
> >
> > Might it be too late to do a fix?
>
> i didn't want to change things too much. in the case of ALTER USER, the
> code would need to encrypt the password beforehand, either inline, or
> using a pgsql-contrib crypt() function. (i have this if you want it)
>
> the fix is for the authentication behaviour, not the administrative interface
> (ie. ALTER USER).

But the fix disables crypt authentication, at least until we do double
encryption.

--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026