Re: PostgreSQL Password Cracker

Devrim GUNDUZ wrote:
> Hi,
> 
> On Sal, 2002-12-31 at 19:38, Tom Lane wrote:
> >
> > This is not a cracker, this is just a brute-force "try all possible
> > passwords" search program (and a pretty simplistic one at that).
> 
> Ah, you're right.
> 
> > I'd say all this proves is the importance of choosing a good password.
> > Using only lowercase letters is a *bad* idea, especially if you're only
> > going to use five of 'em...
> 
> I had no time to search throug the code; but as far as I understood, it
> *attacks* the database servers with TCP/IP on, right?

It sniffs the packets going over the wire, so it can only be internet
sockets, not unix domain sockets (both use tcp/ip).

They basically sniff the text we send, and try passwords until the
result matches the successful reply the client sent.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073