> On Tue, Jun 26, 2001 at 10:18:37AM -0400, Tom Lane wrote:
> > though I would note that anyone who is able to examine the
> > contents of pg_shadow has *already* broken into your database
>
> note: the dbadmin may not be the system administrator, but the dbadmin,
> by default (with plaintext) can scoop an entire list of "useful" passwords,
> since many users (like it or not) use the same/similar passwords for
> multiple accounts.

I fully agree with this statement and think it is a valid concern.

Would it help here to introduce some poor man's encryption that is reversible?
Then the admin would need to intentionally decrypt the pg_shadow entry to see
that plain password, and not see it if he just accidentally select'ed * from pg_shadow.

If an admin intentionally wants to crack a password he will always have means
to do that (e.g. send well chosen salts).

Andreas

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://www.postgresql.org/search.mpl
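The trade-off discussed in the thread, shown as an added illustration that is not part of the mailing list post or of PostgreSQL itself: a tiny stand-in for the pg_shadow password column is stored three ways (plaintext, a reversible "poor man's encryption", and a salted one-way hash), and a helper reports what an administrator who can both run `SELECT *` and read the server's key would recover under each. The XOR keystream, the hypothetical `SERVER_KEY`, and the sample accounts are all constructed for the example; the one-way scheme uses the standard library's PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed sample accounts standing in for pg_shadow rows (user -> password).
SAMPLE_USERS = {"alice": "correct horse", "bob": "hunter2"}

# Hypothetical key the server would hold for the reversible scheme. The server
# needs it to check logins, so whoever administers the server can read it too.
SERVER_KEY = b"\x5a" * 16


def _keystream(key: bytes, length: int) -> bytes:
    """Derive a deterministic keystream of `length` bytes from `key` (toy construction)."""
    out = b""
    block = hashlib.sha256(key).digest()
    while len(out) < length:
        out += block
        block = hashlib.sha256(block).digest()
    return out[:length]


def obfuscate(password: str, key: bytes = SERVER_KEY) -> str:
    """Reversible 'poor man's encryption': XOR the password with a key-derived stream.
    A casual SELECT no longer shows the plain password, but anyone holding `key`
    (the DB admin included) reverses it with deobfuscate()."""
    data = password.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data)))).hex()


def deobfuscate(stored: str, key: bytes = SERVER_KEY) -> str:
    """Undo obfuscate(); needs only the same key the server keeps for logins."""
    data = bytes.fromhex(stored)
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data)))).decode()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """One-way alternative: salted PBKDF2-HMAC-SHA256. The stored value lets the
    server verify a login but does not let anyone recover the password from it."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash for a login attempt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_table(scheme: str, users: Dict[str, str] = SAMPLE_USERS) -> Dict[str, str]:
    """Build the stored credential column under 'plaintext', 'obfuscated' or 'hashed'."""
    if scheme == "plaintext":
        return dict(users)
    if scheme == "obfuscated":
        return {u: obfuscate(p) for u, p in users.items()}
    if scheme == "hashed":
        return {u: hash_password(p) for u, p in users.items()}
    raise ValueError(f"unknown scheme {scheme!r}")


def passwords_recoverable_by_admin(scheme: str, table: Dict[str, str],
                                   key: bytes = SERVER_KEY) -> Dict[str, Optional[str]]:
    """What an admin learns from `SELECT * FROM pg_shadow` plus the server key:
    every password under the first two schemes, none under the hashed one."""
    if scheme == "plaintext":
        return dict(table)
    if scheme == "obfuscated":
        return {u: deobfuscate(v, key) for u, v in table.items()}
    return {u: None for u in table}


if __name__ == "__main__":
    for scheme in ("plaintext", "obfuscated", "hashed"):
        table = build_table(scheme)
        print(scheme, table)
        print("  admin recovers:", passwords_recoverable_by_admin(scheme, table))
    stored = build_table("hashed")["bob"]
    print("login check:", verify_password(stored, "hunter2"), verify_password(stored, "nope"))
```

The obfuscated column does stop an accidental `SELECT *` from displaying passwords, which is the narrow benefit proposed in the post; the helper makes the limit equally visible, since the decryption key has to live on the same server the admin controls. Only the hashed column leaves the admin with nothing to recover while still letting the server verify logins.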