From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] Changing references of password encryption to hashing |
Date: | 2023-11-30 17:16:01 |
Message-ID: | CA+TgmoYLs3RsN_i_PEnS6MsRJvY_Cy=f+W7Yx=dQkDQXEKHBhQ@mail.gmail.com |
Lists: | pgsql-hackers |

On Wed, Nov 29, 2023 at 5:02 PM Nathan Bossart <nathandbossart(at)gmail(dot)com> wrote:
> On Wed, Nov 29, 2023 at 04:02:11PM -0500, Robert Haas wrote:
> > I'd fully support having good documentation that says "hey, here are
> > the low security authentication configurations, here are the
> > medium-security ones, here are the high security ones, and here's why
> > these ones are better than those ones and what they protect against
> > and what risks remain." That would be awesome.
>
> +1. IMO the "Password Authentication" section [0] does this pretty well
> already.

That's limited to just the password-based methods, though, so some
broader discussion of the whole suite of available techniques could be
useful. It does call out the known weaknesses of the md5 and password,
though, which is good.
--
Robert Haas
EDB: http://www.enterprisedb.com