Thread

  1. Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

    Robson Paniago de Miranda <robson@mpdft.gov.br> — 1998-02-19T21:20:41Z

    Bruce Momjian wrote:
    > 
    > > > But it is not secure.  Why have passwords then?
    > > >
    > >       I think is better have the encrypted passwords and the salt in pg_user.
    > > I don't know if this will be bing a security hole :(
    > >
    > 
    > If we do this, then what does the frontend pass us?
    > 
    > --
    > Bruce Momjian
    > maillist@candle.pha.pa.us
    
    	I was thinking in the backend pass the salt stored in pg_user to the
    frontend, but doing that is (almost) the same as having the password
    stored in clear text. It was a bad idea :(
    
    	Robson.