On Wed, Sep 27, 2017 at 6:05 PM, Albe Laurenz <laurenz.a...@wien.gv.at> wrote: > I had the impression that the reasons why database passwords are > not the best option for high security were: > 1) The password hash is stored in the database and can be stolen and > cracked (don't know if dictionary attacks are harder with SCRAM). > 2) The password or the password hash are transmitted to the server > when you change the password and may be captured.
Having a MD5 hash is enough to connect to the database. No need to crack it. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers