Stephen Frost wrote:
* Tom Lane ([EMAIL PROTECTED]) wrote:
Stephen Frost <[EMAIL PROTECTED]> writes:
I'd also like to point out that this is *only* an issue for the 'md5' authentication mechanism in pg_hba.conf, which I think should be discouraged in favor of 'password' and SSL/IPSEC.
This is still utter nonsense. How can md5 be less secure than storing your password in the clear?
I think you're mixing the issues. 'password' in pg_hba.conf does not automatically imply 'without encrypted password'/plaintext in pg_shadow. There are two separate uses of md5 here and they counter each other.
The docs say: "only md5 supports encrypted passwords stored in pg_shadow; the other two require unencrypted passwords to be stored there." So either your assertion that 'password' auth does not imply plaintext password storage is wrong, or the docs are.
cheers
andrew