Tom Lane wrote: > Hmm. I thought it *was* done, but it looks like Bruce forgot to change > the actual guc.c value? The docs and postgresql.conf.sample claim the > default is true... > > 2002-06-14 21:29 momjian > > * doc/src/sgml/runtime.sgml, > src/backend/utils/misc/postgresql.conf.sample: Make encryption of > stored passwords the default, as discussed months ago. > > Seem to be one file short on that commit ...
Fixed. > > (3) (Related to 2b above) Shouldn't we reject an attempt by the user > > to specify an un-encrypted password that matches the isMD5() test? > > No, see above. There are actually three cases here: entering a > previously encrypted password (in which case do nothing to it regardless > of the "encrypted" option), entering an uncrypted password with the > "encrypted" option (apply MD5 transform), or entering an uncrypted > password with the "unencrypted" option (do nothing). > > I suppose we could have instead invented an ALREADY_CRYPTED option > instead, but we didn't, for reasons I don't recall at the moment; > but I think it had something to do with making life easier for > pg_dumpall. I think there wasn't a reason to make the distinction because it could be detected automatically, and an admin copying a password from somewhere else could easily accidentally double-encrypt the password, which then wouldn't work. It also allowed auto-migration to encrypted passwords from an old dump file. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly