Re: [HACKERS] Updated TODO list

Bruce Momjian wrote:
> 
> [Charset iso-8859-1 unsupported, filtering to ASCII...]
> > > ADMIN
> > >
> > > * Better interface for adding to pg_group
> > > * More access control over who can create tables and access the database
> > > * Add syslog functionality
> > > * Allow elog() to return error codes, not just messages
> > > * Allow international error message support and add error codes
> > > * Generate postmaster pid file and remove flock/fcntl lock code
> > > * Add ability to specifiy location of lock/socket files
> >
> > How about:
> > * Not storing passwords in plain text
> 
> But we don't, do we?  I thougth they were hashed.

doselect * from pg_shadow;

I think that it was agreed that it is better when they can't bw snatched
from 
network than to have them hashed in db. 
Using currently known technologies we must either either know the
original password 
and use challenge-response on net, or else use plaintext (or equivalent)
on the wire.

-------------------
Hannu