Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Marc G. Fournier <scrappy@hub.org>

From: The Hermit Hacker <scrappy@hub.org>
To: Tom I Helbekkmo <tih@Hamartun.Priv.NO>
Cc: Bruce Momjian <maillist@candle.pha.pa.us>, Andreas.Zeugswetter@telecom.at, jwieck@debis.com, pgsql-hackers@hub.org
Date: 1998-02-19T23:08:39Z
Lists: pgsql-hackers
On Thu, 19 Feb 1998, Tom I Helbekkmo wrote:

> [Marc]
> 
> > 	I don't think so...but I'rather have the obviuos "select * from
> > pg_user" closed off, and the more obscure "copy pg_user to stdout" still
> > there then have both wide open...its a half measure, but its better then
> > no measure...
> 
> [Bruce]
> 
> > But it is not secure.  Why have passwords then?
> 
> [Marc]
> 
> > 	passswords had to get in there at *some* point...they are there
> > now, now we have to extend the security to the next level.  Better to move
> > forward 1 step at a time.  If we remove the REVOKE altogether, the
> > passwords are still there, but there is *0* security instead of 50%
> > security...
> 
> Wrong.  It's still *0* security, but with the illusion of working
> security in the eyes of anyone who doesn't know better -- and you're
> trying to keep them from knowing better.  If you go this way, cases
> *will* occur where people think their data secure, and then someone
> gains access to it who shouldn't.  Security by obscurity never was,
> and never will be a good idea.
> 
> Leave wide open looking wide open, and document it.  Say something
> like "This release has a password field in the pg_user table, but it
> isn't actually useful as a security measure.  It's there because we
> intend to use it in a secure manner in future.  Meanwhile, a secure
> installation of the current version can be achieved by ...".

	I concede the argument...you guys win...*groan*

Marc G. Fournier                                
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org