| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Paul Tillotson <pntil(at)shentel(dot)net> |
| Subject: | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords |
| Date: | 2005-04-22 00:27:08 |
| Message-ID: | 200504220027.j3M0R8s20924@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost wrote:
-- Start of PGP signed section.
> * Andrew Dunstan (andrew(at)dunslane(dot)net) wrote:
> > I think the behaviour on the wire should be more explcitly stated.
>
> Please comment on the message I just sent to -hackers which has a much
> longer and more detailed explanation of what happens.
The next paragraph in the docs is:
If you are at all concerned about password
<quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</> a second choice if you must support pre-7.2
clients. Plain <literal>password</> should especially be avoided for
connections over the open Internet (unless you use <acronym>SSL</acronym>, SSH, or
other communications security wrappers around the connection).
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2005-04-22 00:31:26 | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords |
| Previous Message | Stephen Frost | 2005-04-22 00:14:31 | Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords |