Re: [HACKERS] PostgreSQL Password Cracker

2003-01-03 Thread Robert Treat
On Thu, 2003-01-02 at 19:33, Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: Also, does anyone know why the development docs are 7.3.1? Because it was pointed to that branch during the 7.3 beta cycle. It needs to be repointed to CVS tip. I dunno how to do so, however. Is

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-03 Thread Dave Page
-Original Message- From: Robert Treat [mailto:[EMAIL PROTECTED]] Sent: 03 January 2003 15:36 To: Tom Lane Cc: Bruce Momjian; Justin Clift; [EMAIL PROTECTED]; Dave Page Subject: Re: [HACKERS] PostgreSQL Password Cracker On Thu, 2003-01-02 at 19:33, Tom Lane wrote: Bruce

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-03 Thread Peter Eisentraut
Tom Lane writes: separate out the parts that are only interesting to a programmer using libpq from the parts that are interesting to a user of a libpq-based program (for example, all the info about environment variables, conninfo string syntax, and .pgpass). The sections on environment

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-03 Thread Bruce Momjian
Peter Eisentraut wrote: Tom Lane writes: separate out the parts that are only interesting to a programmer using libpq from the parts that are interesting to a user of a libpq-based program (for example, all the info about environment variables, conninfo string syntax, and .pgpass).

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-03 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes: But it is a sect1 in libpq. It should be a sect1 somewhere that makes more sense. ... It doesn't belong in libpq, and it doesn't belong in the Programmer's Guide. How could it not belong in libpq? But you are right that the Programmer's Guide seems

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-03 Thread Bruce Momjian
Tom Lane wrote: Bruce Momjian [EMAIL PROTECTED] writes: But it is a sect1 in libpq. It should be a sect1 somewhere that makes more sense. ... It doesn't belong in libpq, and it doesn't belong in the Programmer's Guide. How could it not belong in libpq? But you are right that the

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Dan Langille
I'll do that. Justin: What's the URL for the .pgpass stuff? So far I see mention of using SSL. That's two items to cover. Anything else? On Wed, 1 Jan 2003, Bruce Momjian wrote: Yes, I have been feeling we should do that. Justin pointed out just yesterday that .pgpass is only mentioned

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Justin Clift
Dan Langille wrote: I'll do that. Justin: What's the URL for the .pgpass stuff? So far I see mention of using SSL. That's two items to cover. Anything else? Hi Dan, Very Cool. The URL for the .pgpass stuff is: http://developer.postgresql.org/docs/postgres/libpq-files.html :-) Regards

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Dennis Björklund
On Fri, 3 Jan 2003, Justin Clift wrote: Very Cool. The URL for the .pgpass stuff is: http://developer.postgresql.org/docs/postgres/libpq-files.html There is a typo on that page. First it talks about the file .pgpass and then it says: chmod 0600 .pgaccess. I had no idea that one could

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Peter Eisentraut
Bruce Momjian writes: Yes, I have been feeling we should do that. Justin pointed out just yesterday that .pgpass is only mentioned in libpq documentation, and in fact there is lots of stuff mentioned in libpq that relates to the other interfaces, so it should be pulled out and put in one

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Tom Lane
Peter Eisentraut [EMAIL PROTECTED] writes: Bruce Momjian writes: Yes, I have been feeling we should do that. Justin pointed out just yesterday that .pgpass is only mentioned in libpq documentation, and in fact there is lots of stuff mentioned in libpq that relates to the other interfaces,

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Bruce Momjian
Dennis Björklund wrote: On Fri, 3 Jan 2003, Justin Clift wrote: Very Cool. The URL for the .pgpass stuff is: http://developer.postgresql.org/docs/postgres/libpq-files.html There is a typo on that page. First it talks about the file .pgpass and then it says: chmod 0600 .pgaccess.

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Bruce Momjian
Tom Lane wrote: Peter Eisentraut [EMAIL PROTECTED] writes: Bruce Momjian writes: Yes, I have been feeling we should do that. Justin pointed out just yesterday that .pgpass is only mentioned in libpq documentation, and in fact there is lots of stuff mentioned in libpq that relates to the

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-02 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes: Also, does anyone know why the development docs are 7.3.1? Because it was pointed to that branch during the 7.3 beta cycle. It needs to be repointed to CVS tip. I dunno how to do so, however. Is someone working to get 7.3.1 announced on our main web

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-01 Thread mlw
Tom Lane wrote: Devrim GUNDUZ [EMAIL PROTECTED] writes: I had no time to search through the code; but as far as I understood, it *attacks* the database servers with TCP/IP on, right? No, the program itself simply takes an MD5 hash value and does a brute-force search

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-01 Thread Bruce Momjian
mlw wrote: The comments at the top suggest sniffing a Postgres session startup exchange in order to see the MD5 value that the user presents; which the attacker would then give to this program. (Forget it if the session is Unix-local rather than TCP, or if it's SSL-encrypted...) This is

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-01 Thread mlw
Bruce Momjian wrote: mlw wrote: The comments at the top suggest sniffing a Postgres session startup exchange in order to see the MD5 value that the user presents; which the attacker would then give to this program. (Forget it if the session is Unix-local rather than TCP,

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-01 Thread Bruce Momjian
What do others think? I am not sure myself. --- mlw wrote: Bruce Momjian wrote: mlw wrote: The comments at the top suggest sniffing a Postgres session startup exchange in order to see the MD5 value that the

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-01 Thread Tom Lane
Bruce Momjian [EMAIL PROTECTED] writes: What do others think? I am not sure myself. There should definitely be someplace that recommends using SSL across insecure networks (if there's not already). But it doesn't seem to me to qualify as a FAQ entry. Somewhere in the admin guide seems more

Re: [HACKERS] PostgreSQL Password Cracker

2003-01-01 Thread Bruce Momjian
Yes, I have been feeling we should do that. Justin pointed out just yesterday that .pgpass is only mentioned in libpq documentation, and in fact there is lots of stuff mentioned in libpq that relates to the other interfaces, so it should be pulled out and put in one place. Does anyone want to

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Tom Lane
Devrim GUNDUZ [EMAIL PROTECTED] writes: Some guys from Turkey claim that they have a code to crack PostgreSQL passwords, defined in pg_hba.conf . http://www.core.gen.tr/pgcrack/ This is not a cracker, this is just a brute-force try all possible passwords search program (and a pretty

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Devrim GUNDUZ
Hi, On Sal, 2002-12-31 at 19:38, Tom Lane wrote: This is not a cracker, this is just a brute-force try all possible passwords search program (and a pretty simplistic one at that). Ah, you're right. I'd say all this proves is the importance of choosing a good password. Using only lowercase

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Tom Lane
Devrim GUNDUZ [EMAIL PROTECTED] writes: I had no time to search through the code; but as far as I understood, it *attacks* the database servers with TCP/IP on, right? No, the program itself simply takes an MD5 hash value and does a brute-force search for a password that generates that MD5

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Bruce Momjian
Tom Lane wrote: Devrim GUNDUZ [EMAIL PROTECTED] writes: Some guys from Turkey claim that they have a code to crack PostgreSQL passwords, defined in pg_hba.conf . http://www.core.gen.tr/pgcrack/ This is not a cracker, this is just a brute-force try all possible passwords search program

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Bruce Momjian
Devrim GUNDUZ wrote: Hi, On Sal, 2002-12-31 at 19:38, Tom Lane wrote: This is not a cracker, this is just a brute-force try all possible passwords search program (and a pretty simplistic one at that). Ah, you're right. I'd say all this proves is the importance of choosing a good

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Oliver Elphick
On Tue, 2002-12-31 at 17:49, Bruce Momjian wrote: Tom Lane wrote: Devrim GUNDUZ [EMAIL PROTECTED] writes: Some guys from Turkey claim that they have a code to crack PostgreSQL passwords, defined in pg_hba.conf . http://www.core.gen.tr/pgcrack/ This is not a cracker, this is

Re: [HACKERS] PostgreSQL Password Cracker

2002-12-31 Thread Bruce Momjian
Oliver Elphick wrote: On Tue, 2002-12-31 at 17:49, Bruce Momjian wrote: Tom Lane wrote: Devrim GUNDUZ [EMAIL PROTECTED] writes: Some guys from Turkey claim that they have a code to crack PostgreSQL passwords, defined in pg_hba.conf . http://www.core.gen.tr/pgcrack/