Home > mailing lists

Re: [Fwd: [CORE SDI ADVISORY] MySQL weak authentication] - Mailing list pgsql-hackers

From	Marko Kreen
Subject	Re: [Fwd: [CORE SDI ADVISORY] MySQL weak authentication]
Date	October 25, 2000 17:28:11
Msg-id	20001025232725.A12278@l-t.ee Whole thread Raw
In response to	[Fwd: [CORE SDI ADVISORY] MySQL weak authentication] (Lamar Owen <lamar.owen@wgcr.org>)
List	pgsql-hackers

Tree view

On Tue, Oct 24, 2000 at 10:25:14AM -0400, Lamar Owen wrote:
> I am forwarding this not to belittle MySQL, but to hopefully help in the
> development of our own encryption protocol for secure password
> authentication over the network.
> 
> The point being is that if we offer the protocol to do it, we had better
> ensure its security, or someone WILL find the hole.  Hopefully it will
> be people who want to help security and not exploit it.

Better not try to create it ourselves ;)

http://srp.stanford.edu/

It has even RFC's assigned to it.  RFC2945, RFC2944
I put it into my TOLOOK list but have not found the time yet. :)

-- 
marko

pgsql-hackers by date:

From: Tom Lane
Date: 25 October 2000, 16:33:36
Subject: Re: --with-perl=/path/to/prefered/perl?

From: Marko Kreen
Date: 25 October 2000, 20:51:47
Subject: Re: [Fwd: [CORE SDI ADVISORY] MySQL weak authentication]

Re: [Fwd: [CORE SDI ADVISORY] MySQL weak authentication] - Mailing list pgsql-hackers

Previous

Next