Thread

  1. Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

    D. Dante Lorenso <dlorenso@afai.com> — 1998-02-19T18:15:18Z

    does it matter if people are able to see the passwords?  I mean,
    if the passwords are stored in a table (preferable encrypted), and
    the table is only readable (select, insert, etc...) by the superuser
    or those of equal grant rights), then who cares?
    
    Dante
    
    .------------------------------------------.-----------------------.
    |  _ dlorenso@afai.com - D. Dante Lorenso  | Network Administrator |
    | | |    ___  _ _  ___  __ _  ___  ___     |                       |
    | | |__ / o \| '_|/ o_\|  \ |\_ _\/ o \    | Accounting Firms      |
    | |____|\___/|_|  \___/|_|\_|\___|\___/    | Associated, inc.      |
    | http://www.afai.com/~dlorenso            | http://www.afai.com/  |
    '------------------------------------------'-----------------------'
    
    -----Original Message-----
    From: Brett McCormick <brett@work.chicken.org>
    To: Jan Wieck <jwieck@debis.com>
    Cc: Zeugswetter Andreas SARZ <Andreas.Zeugswetter@telecom.at>;
    pgsql-hackers@hub.org <pgsql-hackers@hub.org>
    Date: Thursday, February 19, 1998 12:53 PM
    Subject: Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
    
    
    >
    >Have we considering using the unix crypt function for passwords?  That
    >way it wouldn't matter (as much) if people saw the password, and would
    >still be (somewhat less) secure.
    >
    >On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
    >
    >>     Cracked!
    >>
    >>     create table get_passwds (usename name, passwd text);
    >>     insert into get_passwds select usename, passwd from pg_user;
    >>     select * from get_passwds;
    >>     usename|passwd
    >>     -------+------
    >>     pgsql  |
    >>     wieck  |test
    >>     (2 rows)
    >>
    >>
    >>
    >> Sorry, Jan
    >>
    >> --
    >>
    >> #======================================================================#
    >> # It's easier to get forgiveness for being wrong than for being right. #
    >> # Let's break this rule - forgive me.                                  #
    >> #======================================== jwieck@debis.com (Jan Wieck) #
    >>
    >>
    >