Quick Links

crypt auth

From:	Magnus Hagander <magnus(at)hagander(dot)net>
To:	PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	crypt auth
Date:	2008-10-20 09:02:58
Message-ID:	48FC4942.8040206@hagander.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

I notice our docs have:

If you are at all concerned about password
<quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</> to be used only if you must support pre-7.2
clients. Plain <literal>password</> should be avoided especially for

At what point do we just remove the support and say that people need to
upgrade their clients? Sure, it's up to ppl not to configure it that
way, but security-wise it's a foot-gun that I think is completely
unnecessary.

//Magnus

Responses

Re: crypt auth at 2008-10-20 14:14:18 from Peter Eisentraut
Re: crypt auth at 2008-10-27 11:11:26 from Magnus Hagander

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter Eisentraut	2008-10-20 09:16:32	SQL:2008 LIMIT/OFFSET
Previous Message	Magnus Hagander	2008-10-20 08:35:38	Re: contrib/pg_stat_statements