On 11/24/2012 10:15 AM, Rafal Pietrak wrote:
> Some improvement in password safety could be gained, if the database table access methods (e.g. SELECT...) provided means to limit that access to just one entry at a time, and return results only when (password) column hash was equal for a single entry. e.g. information is not leaking when passwords don't match.
But what about situations where the attackers gained access to the database itself or faulty discs that got replaced? Isn't just having a strong hash a better solution? And by strong I mean a bcrypt-based or similar approach that requires significant time to calculate a single hash.
-- .oO V Oo. Work Hard, Increase Production, Prevent Accidents, and Be Happy! ;)