On 07/13/2017 10:46 PM, Chapman Flack wrote: > Neither is suitable on an unencrypted channel (as has been repeatedly
Please forgive my thinko about md5. I had overlooked the second salted md5 used in the protocol, and that had to be some years ago when I was sure I had looked for one in the code. But it's been there since 2001, so I simply overlooked it somehow. Not sure how. I've had an unnecessarily jaundiced view of "md5" auth for years as a result. I feel much better now. Sorry for the noise. -Chap -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers