On Wed, Oct 14, 2009 at 5:08 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Dave Page <dp...@pgadmin.org> writes: >> You've twice asserted it's a reduction without providing any arguments >> to back that up. > > You quoted two good arguments why it's insecure in your original > message, neither of which your proposed GUC does anything to protect > against;
I see one, and I proposed masking passwords in any relevant queries before they were written to the stats or logs to mitigate that. > and you also admitted that there might be other leakage paths > we haven't thought of. That seems to me to be more than sufficient > reason to not encourage people to go back to passing unencrypted > passwords around. Yes. Which is why I asked your opinion as there's a far greater chance you would know of any such paths than I, *and* whether they represent a greater risk than the complete lack of control over the effectiveness of users passwords that we currently have. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
