Re: [HACKERS] Updated TODO list
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: Hannu Krosing <hannu@trust.ee>
Cc: Gene Sokolov <hook@aktrad.ru>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 1999-07-09T16:40:45Z
Lists: pgsql-hackers
> > But we don't, do we? I thougth they were hashed. > > do > select * from pg_shadow; > > I think that it was agreed that it is better when they can't bw snatched > from > network than to have them hashed in db. > Using currently known technologies we must either either know the > original password > and use challenge-response on net, or else use plaintext (or equivalent) > on the wire. Yes, I remember now, we hash them with random salt before sending them to the client, and they are only visible to the postgres user. -- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026