Hi,
When I 'CREATE USER testuser WITH PASSWORD 'mypassword';
I see an entry in PG_PWD with the password 'mypassword' in plaintext.
In my pg_hba.conf I have all hosts using 'password' authentication with no
file argument. Is there any way to keep postgres from saving the passwords
in plain text? This seems to be a huge security hole. I thought that passwords were to be saved in PG_SHADOW. What is
PG_SHADOW for anyway?
If you have an answer, can you please cc: my email?
Thanks.
--tony
postgresql 7.0.3