Re:

Started by Michael Robinsonover 25 years ago1 messages

robinson@netrinsics.com

over 25 years ago

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

If I understand the original objection it's that passwords are stored
in cleartext on the postmaster machine.

You understand the original objection, but you don't understand the basis for
the objection.

That's not much of an
objection since you have to have your secrets available in the clear
on both ends of a connection if you want the traffic on the
connection secured.

This is true. However, the problem is that people reuse passwords. By
hashing the password on both ends of the connection with a known random
salt, you achieve the same result as if people did not reuse passwords,
i.e., a root compromise of the postgres server will not give the perpetrator
access to anything other than the specific postgres account on that server.

Without encryption, such a compromise would very likely lead to further
compromises of other services secured by the same password as was used for
postgres access.

Users are their own worst enemy. This is a small thing we can do to protect
them from themselves.

-Michael