Re: How passwords can be crypted in postgres?
From | John Clark L. Naldoza |
---|---|
Subject | Re: How passwords can be crypted in postgres? |
Date | |
Msg-id | 3A53C939.DC851913@ntsp.nec.co.jp |
In response to | Re: How passwords can be crypted in postgres? ("Gordan Bobic" <gordan@freeuk.com>) |
List | pgsql-general |

Hello All,

It seems to me that a solution for this specific problem (Man-in-the-middle) can be found via SSH Tunneling...;-) Using OpenSSH of course...;-)

If you are using (redhat) linux, I believe there is a great book online found at http://www.openna.com called Securing and Optimizing Redhat Linux.

There are a bunch of other ways that you can do...

But as for the original thread... I think you can encrypt passwords in postgres...;-) But what do I know..;-)

> I was referring to a different aspect of security. I was referring to
> preventing more of a "man-in-the-middle" type of attack. If you have a
> packet sniffer somewhere between the client and the server, then someone
> could read your packet containing the encrypted password and use it to
> authenticate to the server, without knowing or caring what the real
> password is. If you can send the encrypted password to the server that
> matches, you're in.
>
> One way to secure this sort of setup is by using RSA-type algorithm where
> both client and server get to share a secret without actually transmitting
> any part of the actual key. This coupled with some form of authentication
> that would eliminate the man-in-the-middle attack (which would make that
> system vulnerable as well, because if someone is running a proxy in
> between you, they would also potentially know the shared secret) should
> bolt the system down completely. One obvious way to work around this all is
> to use public key cryptography such as PGP, which would remain secure as
> long as the private keys remain secure.
>
> But, the level of security required largely depends on what you are doing,
> and what sort of attack you want to protect yourself against...
>
> Regards.
>
> Gordan

--
John Clark Naldoza y Lopez
Software Design Engineer II
Web-Application Development
Cable Modem Network Management System
NEC Telecom Software Phils., Inc.
phone: (+63 32) 233-9142 loc. 3112
cellphone: (+63 919) 813-6274
email: njclark@ntsp.nec.co.jp
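
The replay problem described in the quoted text, as an added example that is not part of the original message or of PostgreSQL's code: a server that accepts the stored hash itself can be logged into with a sniffed copy, while a per-connection nonce makes the captured bytes useless on the next connection. The hash scheme, class names and sample credentials are constructed for illustration, and nonce-based challenge-response is a different technique from the ones named in the thread.

```python
import hashlib
import hmac
import secrets

def stored_verifier(user: str, password: str) -> bytes:
    # Constructed scheme: what the server stores instead of the plaintext.
    return hashlib.sha256(f"{user}:{password}".encode()).digest()

class StaticHashServer:
    """Accepts the stored hash as proof, so the hash is password-equivalent."""
    def __init__(self, verifier: bytes):
        self.verifier = verifier

    def login(self, sent: bytes) -> bool:
        return hmac.compare_digest(sent, self.verifier)

class ChallengeServer:
    """Issues a fresh nonce per connection; proof is HMAC(verifier, nonce)."""
    def __init__(self, verifier: bytes):
        self.verifier = verifier
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def login(self, proof: bytes) -> bool:
        if self.nonce is None:
            return False
        expected = hmac.new(self.verifier, self.nonce, hashlib.sha256).digest()
        self.nonce = None  # a nonce is valid for one attempt only
        return hmac.compare_digest(proof, expected)

def client_proof(verifier: bytes, nonce: bytes) -> bytes:
    return hmac.new(verifier, nonce, hashlib.sha256).digest()

def demo():
    verifier = stored_verifier("alice", "constructed-sample-password")
    # Static scheme: the bytes on the wire are the credential itself.
    on_wire = verifier
    static_replay_ok = StaticHashServer(verifier).login(on_wire)
    # Challenge scheme: the bytes on the wire are bound to one nonce.
    server = ChallengeServer(verifier)
    captured = client_proof(verifier, server.challenge())
    legit_ok = server.login(captured)
    server.challenge()                      # next connection, new nonce
    nonce_replay_ok = server.login(captured)
    return static_replay_ok, legit_ok, nonce_replay_ok
```

The nonce only stops reuse of a captured proof; the session traffic that follows is still readable on the wire, which is the part the SSH tunnel suggested in the message covers.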