From: wpp@marie.physik.tu-berlin.de (Kai Petzke)
Message-Id: <9405120721.AA01666@marie.physik.tu-berlin.de>
Subject: user authentification
To: linux-postgres@native-ed.bc.ca
Date: Wed, 11 May 1994 22:29:45 +0200 (MET DST)
Content-Type: text
Content-Length: 1280

Hi,


I am looking for a small project, which to start with hacking
postgres.  I do not want to do the big "C++"-ifying and "Web"bing
thing, before they have released the final version.  My
suggestions are:

- Modify the copy in/out routines to adapt them to a variety of
  input or output file formats.  The current implementation takes
  about 800 lines in one source file:

	~/src/backend/commands/copy.c

- Add medium security authentification to postgres.  Currently,
  you have no security (everybody can connect to port 4321, while
  a postmaster is running), or good security, when you link in
  Kerberos.  Kerberos needs an independant ticket server, which
  should run on a physically safe computer, which has no other
  stuff running.  Installing Kerberos requires you to change the
  login software.

  I want something in between, which provides both good safety
  and is easy to install.  How about doing the same thing, that
  Oracle does: an extra login when connecting to the database?

  The problem: Packet Sniffer.  While transferring the password,
  anybody can listen.  So all data transferred during authentification
  should be encrypted.  I came to mind with a strange scheme, how
  this could be done.  I have written a post to sci.crypt about it.


Kai