Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Marc G. Fournier <scrappy@hub.org>

From: The Hermit Hacker <scrappy@hub.org>
To: Bruce Momjian <maillist@candle.pha.pa.us>
Cc: Brett McCormick <brett@work.chicken.org>, jwieck@debis.com, Andreas.Zeugswetter@telecom.at, pgsql-hackers@hub.org
Date: 1998-02-19T18:34:01Z
Lists: pgsql-hackers
On Thu, 19 Feb 1998, Bruce Momjian wrote:

> > 
> > 
> > Have we considering using the unix crypt function for passwords?  That
> > way it wouldn't matter (as much) if people saw the password, and would
> > still be (somewhat less) secure.
> > 
> > On Thu, 19 February 1998, at 15:55:07, Jan Wieck wrote:
> 
> I don't know what the problem with using crypt was.  It may be because
> he passes a random salt to the user, and the user makes the password
> packet with the given salt and returns it to the backend.  If we use
> crypt, we have to send a plaintext password over the network, don't we?

	But, aren't we doing that now?