Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Robson Paniago de Miranda <robson@mpdft.gov.br>

From: Robson Paniago de Miranda <robson@mpdft.gov.br>
To: Bruce Momjian <maillist@candle.pha.pa.us>
Cc: pgsql-hackers@hub.org
Date: 1998-02-19T21:20:41Z
Lists: pgsql-hackers
Bruce Momjian wrote:
> 
> > > But it is not secure.  Why have passwords then?
> > >
> >       I think is better have the encrypted passwords and the salt in pg_user.
> > I don't know if this will be bing a security hole :(
> >
> 
> If we do this, then what does the frontend pass us?
> 
> --
> Bruce Momjian
> maillist@candle.pha.pa.us

	I was thinking in the backend pass the salt stored in pg_user to the
frontend, but doing that is (almost) the same as having the password
stored in clear text. It was a bad idea :(

	Robson.