Thread
-
Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Robson Paniago de Miranda <robson@mpdft.gov.br> — 1998-02-19T21:20:41Z
Bruce Momjian wrote: > > > > But it is not secure. Why have passwords then? > > > > > I think is better have the encrypted passwords and the salt in pg_user. > > I don't know if this will be bing a security hole :( > > > > If we do this, then what does the frontend pass us? > > -- > Bruce Momjian > maillist@candle.pha.pa.us I was thinking in the backend pass the salt stored in pg_user to the frontend, but doing that is (almost) the same as having the password stored in clear text. It was a bad idea :( Robson.