Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > But it is a "sect1" in libpq. It should be a "sect1" somewhere that
> > makes more sense.
> > ...
> > It doesn't belong in libpq, and it doesn't belong in the Programmer's
> > Guide.
>
> How could it not belong in libpq? But you are
Bruce Momjian <[EMAIL PROTECTED]> writes:
> But it is a "sect1" in libpq. It should be a "sect1" somewhere that
> makes more sense.
> ...
> It doesn't belong in libpq, and it doesn't belong in the Programmer's
> Guide.
How could it not belong in libpq? But you are right that the
Programmer's Gui
Peter Eisentraut wrote:
> Tom Lane writes:
>
> > separate out the parts that are only interesting to a programmer using
> > libpq from the parts that are interesting to a user of a libpq-based
> > program (for example, all the info about environment variables, conninfo
> > string syntax, and .pgpa
Tom Lane writes:
> separate out the parts that are only interesting to a programmer using
> libpq from the parts that are interesting to a user of a libpq-based
> program (for example, all the info about environment variables, conninfo
> string syntax, and .pgpass).
The sections on environment va
> -Original Message-
> From: Robert Treat [mailto:[EMAIL PROTECTED]]
> Sent: 03 January 2003 15:36
> To: Tom Lane
> Cc: Bruce Momjian; Justin Clift;
> [EMAIL PROTECTED]; Dave Page
> Subject: Re: [HACKERS] PostgreSQL Password Cracker
>
>
> On Thu, 2003-
On Thu, 2003-01-02 at 19:33, Tom Lane wrote:
> Bruce Momjian <[EMAIL PROTECTED]> writes:
> > Also, does anyone know why the development docs are 7.3.1?
>
> Because it was pointed to that branch during the 7.3 beta cycle.
> It needs to be repointed to CVS tip. I dunno how to do so, however.
>
> >
Bruce Momjian <[EMAIL PROTECTED]> writes:
> Also, does anyone know why the development docs are 7.3.1?
Because it was pointed to that branch during the 7.3 beta cycle.
It needs to be repointed to CVS tip. I dunno how to do so, however.
> Is someone working to get 7.3.1 announced on our main web
Tom Lane wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > Bruce Momjian writes:
> >> Yes, I have been feeling we should do that. Justin pointed out just
> >> yesterday that .pgpass is only mentioned in libpq documentation, and in
> >> fact there is lots of stuff mentioned in libpq that re
Dennis Björklund wrote:
> On Fri, 3 Jan 2003, Justin Clift wrote:
>
> > Very Cool. The URL for the .pgpass stuff is:
> >
> > http://developer.postgresql.org/docs/postgres/libpq-files.html
>
> There is a typo on that page. First it talkes about the file .pgpass and
> then it says: "chmod 0600 .
Peter Eisentraut <[EMAIL PROTECTED]> writes:
> Bruce Momjian writes:
>> Yes, I have been feeling we should do that. Justin pointed out just
>> yesterday that .pgpass is only mentioned in libpq documentation, and in
>> fact there is lots of stuff mentioned in libpq that releates to the
>> other int
Bruce Momjian writes:
> Yes, I have been feeling we should do that. Justin pointed out just
> yesterday that .pgpass is only mentioned in libpq documentation, and in
> fact there is lots of stuff mentioned in libpq that releates to the
> other interfaces, so it should be pulled out and put in one
On Fri, 3 Jan 2003, Justin Clift wrote:
> Very Cool. The URL for the .pgpass stuff is:
>
> http://developer.postgresql.org/docs/postgres/libpq-files.html
There is a typo on that page. First it talkes about the file .pgpass and
then it says: "chmod 0600 .pgaccess".
I had no idea that one could
Dan Langille wrote:
I'll do that. Justin: What's the URL for the .pgpass stuff? So far I see
mention of using SSL. That's two items to cover. Anything else?
Hi Dan,
Very Cool. The URL for the .pgpass stuff is:
http://developer.postgresql.org/docs/postgres/libpq-files.html
:-)
Regards an
I'll do that. Justin: What's the URL for the .pgpass stuff? So far I see
mention of using SSL. That's two items to cover. Anything else?
On Wed, 1 Jan 2003, Bruce Momjian wrote:
>
> Yes, I have been feeling we should do that. Justin pointed out just
> yesterday that .pgpass is only mentioned
Yes, I have been feeling we should do that. Justin pointed out just
yesterday that .pgpass is only mentioned in libpq documentation, and in
fact there is lots of stuff mentioned in libpq that releates to the
other interfaces, so it should be pulled out and put in one place.
Does anyone want to t
Bruce Momjian <[EMAIL PROTECTED]> writes:
> What do others think? I am not sure myself.
There should definitely be someplace that recommends using SSL across
insecure networks (if there's not already). But it doesn't seem to me
to qualify as a FAQ entry. Somewhere in the admin guide seems more
What do others think? I am not sure myself.
---
mlw wrote:
>
>
> Bruce Momjian wrote:
>
> >mlw wrote:
> >
> >
> >>>The comments at the top suggest sniffing a Postgres session startup
> >>>exchange in order to see the M
Bruce Momjian wrote:
mlw wrote:
The comments at the top suggest sniffing a Postgres session startup
exchange in order to see the MD5 value that the user presents; which the
attacker would then give to this program. (Forget it if the session is
Unix-local rather than TCP,
mlw wrote:
> >The comments at the top suggest sniffing a Postgres session startup
> >exchange in order to see the MD5 value that the user presents; which the
> >attacker would then give to this program. (Forget it if the session is
> >Unix-local rather than TCP, or if it's SSL-encrypted...)
> >
>
Tom Lane wrote:
Devrim GUNDUZ <[EMAIL PROTECTED]> writes:
I had no time to search throug the code; but as far as I understood, it
*attacks* the database servers with TCP/IP on, right?
No, the program itself simply takes an MD5 hash value and does a
brute-force search f
Oliver Elphick wrote:
> On Tue, 2002-12-31 at 17:49, Bruce Momjian wrote:
> > Tom Lane wrote:
> > > Devrim GUNDUZ <[EMAIL PROTECTED]> writes:
> > > > Some guys from Turkey claim that they have a code to crack PostgreSQL
> > > > passwords, defined in pg_hba.conf .
> > >
> > > > http://www.core.gen.
On Tue, 2002-12-31 at 17:49, Bruce Momjian wrote:
> Tom Lane wrote:
> > Devrim GUNDUZ <[EMAIL PROTECTED]> writes:
> > > Some guys from Turkey claim that they have a code to crack PostgreSQL
> > > passwords, defined in pg_hba.conf .
> >
> > > http://www.core.gen.tr/pgcrack/
> >
> > This is not a c
Devrim GUNDUZ <[EMAIL PROTECTED]> writes:
> I had no time to search throug the code; but as far as I understood, it
> *attacks* the database servers with TCP/IP on, right?
No, the program itself simply takes an MD5 hash value and does a
brute-force search for a password that generates that MD5 str
Devrim GUNDUZ wrote:
> Hi,
>
> On Sal, 2002-12-31 at 19:38, Tom Lane wrote:
> >
> > This is not a cracker, this is just a brute-force "try all possible
> > passwords" search program (and a pretty simplistic one at that).
>
> Ah, you're right.
>
> > I'd say all this proves is the importance of ch
Tom Lane wrote:
> Devrim GUNDUZ <[EMAIL PROTECTED]> writes:
> > Some guys from Turkey claim that they have a code to crack PostgreSQL
> > passwords, defined in pg_hba.conf .
>
> > http://www.core.gen.tr/pgcrack/
>
> This is not a cracker, this is just a brute-force "try all possible
> passwords"
Hi,
On Sal, 2002-12-31 at 19:38, Tom Lane wrote:
>
> This is not a cracker, this is just a brute-force "try all possible
> passwords" search program (and a pretty simplistic one at that).
Ah, you're right.
> I'd say all this proves is the importance of choosing a good password.
> Using only lowe
Devrim GUNDUZ <[EMAIL PROTECTED]> writes:
> Some guys from Turkey claim that they have a code to crack PostgreSQL
> passwords, defined in pg_hba.conf .
> http://www.core.gen.tr/pgcrack/
This is not a cracker, this is just a brute-force "try all possible
passwords" search program (and a pretty sim
Hi,
Some guys from Turkey claim that they have a code to crack PostgreSQL
passwords, defined in pg_hba.conf .
http://www.core.gen.tr/pgcrack/
Maybe some of you want to get the code...
Best regards,
--
Devrim GUNDUZ
www.gunduz.org
---(end of broadcast)
28 matches
Mail list logo
