Search Postgresql Archives

Re: Connect to postgres from a dynamic IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jorge Godoy wrote:
Em Monday 03 March 2008 13:17:03 você escreveu:
My understanding is no password is sent in the clear with md5 per:

http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSW
ORD

But the MD5 hash is. This page states that the password can't be directly sniffed, but one can still get the hash of the password and perform a dictionary attack against it on a local copy (i.e., without ever trying to connect to the server).

After a successful attack then one can connect directly to the server as if the password was known to him/her.


No sense in pretending. I should think that password *would* be known in that scenario.

(ignoring hash collisions, of course)

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux