This is the mail archive of the rhdb@sources.redhat.com mailing list for the RHDB project.
Re: problem with Configuring a Connection to a Database using VisualExplain
- From: Fernando Nasser <fnasser at redhat dot com>
- To: Fernando Nasser <fnasser at redhat dot com>
- Cc: Wei Tjioe <wtjioe at cs dot toronto dot edu>, rhdb at sources dot redhat dot com
- Date: Thu, 02 Oct 2003 20:41:08 -0400
- Subject: Re: problem with Configuring a Connection to a Database using VisualExplain
- Organization: Red Hat Canada
- References: <Pine.GSO.4.58.0310012121530.10907@qew.cs> <3F7C859C.4060604@redhat.com>
Fernando Nasser wrote:
Wei,
The client side (in this case JDBC) is not aware of how the server
stores its passwords. They are sent clear text with either 'password'
or 'md5' -- they are stored encrypted in the server. If you need more
^^^^crypt
security and don't want clear text passwords on the network make the
connection using SSL. The JDBC driver has supported SSL connections for some
time now.
Sorry, I was thinking of crypt. I forgot that we now have support for
md5 and, of course, this means that the passwords may be encrypted
before being sent over the wire. In which case you don't need SSL (if
just for that).
But the detection if the JDBC driver has to send md5 or clear text
passwords (for password _and_ crypt) is done automatically. The server
tells the client how it wants the password. The client program always
passes it to JDBC as clear text.
Please note that JDBC drivers before 7.3 had a bug in md5 password
encryption. I think it would only affect people with a different
encoding in their locale, but to be on the safe side you should use
drivers 7.3 on when using md5.
Your pg_hba file seems to be in a very old format (7.1.x perhaps). What
versions of PostgreSQL and of the JDBC driver are you using?
Regards,
Fernando
--
Fernando Nasser
Red Hat Canada Ltd. E-Mail: fnasser@redhat.com
2323 Yonge Street, Suite #300
Toronto, Ontario M4P 2C9
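
The md5 exchange described in the message above, as an added example that is not part of the original e-mail or of the JDBC driver: it follows PostgreSQL's md5 authentication scheme, in which the server asks for md5 and supplies a 4-byte salt. The user name, password and salt are constructed, and the Latin-1/UTF-8 mismatch only illustrates why the byte encoding of the password matters; it does not reproduce the pre-7.3 driver bug.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_hash(user: str, password: str, encoding: str = "utf-8") -> str:
    """Server side: value kept for an md5-encrypted password."""
    return "md5" + md5_hex(password.encode(encoding) + user.encode(encoding))


def client_response(user: str, password: str, salt: bytes,
                    encoding: str = "utf-8") -> str:
    """Client side: reply to the server's md5 request and its 4-byte salt."""
    inner = md5_hex(password.encode(encoding) + user.encode(encoding))
    return "md5" + md5_hex(inner.encode("ascii") + salt)


def server_accepts(stored: str, salt: bytes, response: str) -> bool:
    """Server side: redo the salted hash from the stored value and compare."""
    expected = "md5" + md5_hex(stored[3:].encode("ascii") + salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    user, password = "wei", "pässword"        # constructed credentials
    salt = bytes.fromhex("0a1b2c3d")          # constructed; random per connection
    stored = stored_hash(user, password)      # password was set as UTF-8 bytes
    good = client_response(user, password, salt)
    # Same clear-text password, but the client turns it into Latin-1 bytes.
    mismatched = client_response(user, password, salt, encoding="latin-1")
    return {
        "utf8_client_accepted": server_accepts(stored, salt, good),
        "latin1_client_accepted": server_accepts(stored, salt, mismatched),
        "password_on_wire": password in good,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```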