* Paul Tillotson ([EMAIL PROTECTED]) wrote: > Maybe I misunderstood, but I thought that others were saying that, if > someone gets the contents of pg_shadow, then > > - if you use only "password" in your pg_hba.conf, he has to break one of > the hashes first in order to log in. > - but if you use "md5" in your pg_hba.conf, then he doesn't have to > break the hashes at all.
(in order to authenticate to your Postgres installation as a given user)
> Is this correct?
Yes, this is correct.
> I guess I personally felt "betrayed" when I heard this since I (naively)
Me too. :/
> assumed that the point of hashing passwords was to make it so that
> someone who is able to read your database is prevented from logging in
> and corrupting the data, installing root-kits, etc.
The hash in pg_shadow should only be visible to the database superuser,
or someone who has access to the unix account postgres runs as.
> Now I see that the point of md5 authenticate is to address an entirely
> different problem, namely, having the cleartext password being captured
> on the wire.
The intention of the 'md5' method in pg_hba.conf is to avoid having the
password go over the network in the clear, yes. Unfortunately, this
pretty much requires that the database have something which is
password-equivilant stored on disk.
Thanks,
Stephen
signature.asc
Description: Digital signature
