On 08/20/2012 07:08 PM, Tom Lane wrote:
Moreover, as Josh just mentioned, anybody who thinks it might be insufficiently secure for their purposes has got plenty of alternatives available today (SSL certificates, PAM backed by whatever-you-want, etc).
Yeah, I think we need to emphasize this lots more. Anyone who wants really secure authentication needs to be getting away from password based auth altogether. Another hash function will make very little difference.
cheers andrew -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
