On Tue, Jul 7, 2009 at 10:09 AM, Heikki Linnakangas<heikki.linnakan...@enterprisedb.com> wrote: > > What kind of attacks would this protect against? Seems a bit pointless > to me if the password is being sent to the server anyway. If the > attacker has superuser access to the server, he can harvest the > passwords as the clients send them in. If he doesn't, the usual access > controls with GRANT/REVOKE would be enough.
It would still protect against offline attacks such as against backup files. -- greg http://mit.edu/~gsstark/resume.pdf -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
