Thread

  1. Re: Re: Encrypting pg_shadow passwords

    Jim Mercer <jim@reptiles.org> — 2001-06-27T02:16:00Z

    On Tue, Jun 26, 2001 at 10:18:37AM -0400, Tom Lane wrote:
    > though I would note that anyone who is able to examine the
    > contents of pg_shadow has *already* broken into your database
    
    note: the dbadmin ay not bethe system administrator, but the dbadmin,
    by default (with plaintext) can scoop an entirelist of "useful" passwords,
    since many users (like it or not) use the same/similar passwords for
    multiple accounts.
    
    > There's no reason to spend any additional work on it.
    
    hmmm.  what is the expected date of rollout of the new code with a backwards
    compatible API (i don't mind recompiling), which has encrypted passwords
    in pg_shadow?
    
    -- 
    [ Jim Mercer        jim@reptiles.org         +1 416 410-5633 ]
    [ Now with more and longer words for your reading enjoyment. ]