Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: brett@work.chicken.org (Brett McCormick)
Cc: jwieck@debis.com, Andreas.Zeugswetter@telecom.at, pgsql-hackers@hub.org
Date: 1998-02-19T18:16:23Z
Lists: pgsql-hackers
> > > Have we considering using the unix crypt function for passwords? That > way it wouldn't matter (as much) if people saw the password, and would > still be (somewhat less) secure. > > On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote: I don't know what the problem with using crypt was. It may be because he passes a random salt to the user, and the user makes the password packet with the given salt and returns it to the backend. If we use crypt, we have to send a plaintext password over the network, don't we? -- Bruce Momjian maillist@candle.pha.pa.us