Re: [HACKERS] Updated TODO list
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: Gene Sokolov <hook@aktrad.ru>
Cc: Jan Wieck <jwieck@debis.com>, pgsql-hackers@postgreSQL.org
Date: 1999-07-13T16:55:59Z
Lists: pgsql-hackers
[Charset koi8-r unsupported, filtering to ASCII...] > From: Jan Wieck <wieck@debis.com> > > > > > > I can "select * from pgshadow" as the database owner. > > > > > > > You must be a database superuser or a superuser must have > > granted SELECT right for pg_shadow to you. > > > > > > Jan > > DB admin has no business knowing other's passwords. The current security > scheme is seriously flawed. > But it is the db passwords, not the Unix passwords. How are we supposed to make this work if the db doesn't know the passwords, AND use random salt over the wire? -- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026