From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
---|---|
To: | Jim Mercer <jim(at)reptiles(dot)org> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Vince Vielhaber <vev(at)michvhf(dot)com>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Re: Encrypting pg_shadow passwords |
Date: | 2001-06-17 15:05:52 |
Message-ID: | 3.0.5.32.20010617230552.0152b760@192.228.128.13 |
Lists: | pgsql-hackers |
At 12:04 AM 6/16/01 -0400, Jim Mercer wrote:
>On Sat, Jun 16, 2001 at 11:20:30AM +0800, Lincoln Yeoh wrote:
>> If you need to use encryption then having _everything_ encrypted is a
>> better idea - SSL etc. Those >1GHz CPUs are handy ;).
>
>[ yes, i noted the smiley ]
>
>it is rather unfortunate to see the OSS community buying into the tenets
>that allowed microsoft to get world domination based on crap quality
>software.
>
>"hardware is cheap" is a falsehood.

My point is if you really need encryption, then your data should be
encrypted too, otherwise it seems a waste of time or more a "feel good" thing.

I find it hard to recommend a setup where just the authentication portion
is encrypted but all the data is left in plaintext for everyone to see. Why
go to all that trouble to _fool_ yourself, when you can either do it
securely (encrypt everything), or do it quick (no encryption).

I'd personally put "only authentication is encrypted" in the "crossing a
chasm in two leaps" category.

Yoda says it better ;).

Cheerio,
Link.