为什么PostgreSQL默认将用户密码存储在MD5哈希中,这不是安全漏洞? 我正在研究PostgreSQL的内部并且已经到了系统catelog pg_authid ,当我读到有关MD5哈希加密时,它似乎被认为是过时的。 在我的想法中,如果管理员或用户能够访问底层文件存储,那么他们可能会假设破解密码并执行所述凭据将启用的任何内容。
我问为什么它不是一个安全漏洞,因为显然PostgreSQL已被“通用标准认证”,根据它的wiki,它注意到它来自西方国防组织,它似乎是军用级安全的。
谢谢!
Why is it not a security hole that PostgreSQL by default stores user passwords in an MD5 hash? I am studying the internals of PostgreSQL and have gotten to the system catelog pg_authid and when I read about the MD5 hash encryption it appears that it is regarded as antiquated. In my thinking if an admin or a user is able to access the underlying file store then they could hypothetically crack the passwords and do whatever said credentials would enable.
I ask why it is not a security hole because apparently PostgreSQL has been "Common Criteria Certified" which seems to be military grade secure according to it's wiki which notes it's provenance from western defense organizations.
Thanks!
更多推荐
发布评论