Search Postgresql Archives

Re: Transparent encryption in PostgreSQL?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 13, 2005 at 11:18:04PM -0500, Bob wrote:
> Here is the link in case your fingers are broken and it hurts to type;) 
> http://www.postgresql.org/docs/8.0/interactive/encryption-options.html

I think the "Password Storage Encryption" paragraph needs a note similar to
what Stephen Frost wrote in

http://archives.postgresql.org/pgsql-hackers/2005-04/msg00634.php

at the end. The encryption-options.html page says:

"If MD5 encryption is used for client authentication, the unencrypted
password is never even temporarily present on the server [...]"

which is right and wrong at the same time because the md5 hash becomes sort
of a new cleartext password.


Joachim


---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

               http://archives.postgresql.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux