"Frank Ch. Eigler" <[EMAIL PROTECTED]> writes:
> Oh, I see finally. You already put a custom little
> challenge/response authentication scheme into postgresql,
> and want to keep that working. (May I ask when/why that
> went in at all?
Long before any of the current generation of developers, AFAIK.
> Was lower-layer encryption not an option?)
What lower layer? This code predates SSL by a good bit.
In any case, as several people have pointed out, one may well want to
guard one's password more carefully than one guards the entire session
contents. Running SSL on a session that may transfer many megabytes
is a lot of overhead.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
- Re: [HACKERS] Re: Encrypting pg_shadow passwords Tom Lane
- Re: [HACKERS] Re: Encrypting pg_shadow password... Tom Lane
- Re: [HACKERS] Re: Encrypting pg_shadow password... Tom Lane
- Re: [HACKERS] Re: Encrypting pg_shadow password... Trond Eivind Glomsr�d
- Re: [HACKERS] Re: Encrypting pg_shadow password... Trond Eivind Glomsr�d
- Re: [HACKERS] Re: Encrypting pg_shadow password... Trond Eivind Glomsr�d
- Re: [HACKERS] Re: Encrypting pg_shadow password... Michael Samuel
- Re: [HACKERS] Re: Encrypting pg_shadow pass... Nathan Myers
- Re: [HACKERS] Re: Encrypting pg_shadow password... Bruce Momjian
- Re: [HACKERS] Re: Encrypting pg_shadow password... Michael Samuel
- Re: [HACKERS] Re: Encrypting pg_shadow pass... Bruce Momjian
- Re: [HACKERS] Re: Encrypting pg_shadow password... Bruce Momjian
