Tom Lane wrote:

> Paul Tillotson <[EMAIL PROTECTED]> writes:
>
> Hm?  Using md5 is certainly not any *more* dangerous than any of the
> other possible password-based methods.

Maybe I misunderstood, but I thought that others were saying that, if someone gets the contents of pg_shadow, then

- if you use only "password" in your pg_hba.conf, he has to break one of the hashes first in order to log in.
- but if you use "md5" in your pg_hba.conf, then he doesn't have to break the hashes at all.

Is this correct?

I guess I personally felt "betrayed" when I heard this since I (naively) assumed that the point of hashing passwords was to make it so that someone who is able to read your database is prevented from logging in and corrupting the data, installing rootkits, etc.

Now I see that the point of md5 authentication is to address an entirely different problem, namely, having the cleartext password captured on the wire.

Regards,
Paul Tillotson
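As an added illustration (not code from the thread or from PostgreSQL itself), here is a small model of the two pg_hba.conf methods Paul contrasts, written from the server's and an honest client's point of view; the function names, the sample user and password, and the fixed salts are constructed for the example.

```python
# Added example: a minimal model of PostgreSQL's "md5" challenge-response
# versus the "password" method, showing why a copy of pg_shadow is enough
# to answer an md5 challenge but not a cleartext-password prompt.
import hashlib
import hmac

def pg_md5_stored(username: str, password: str) -> str:
    """Verifier kept in pg_shadow for an md5 password: "md5" + md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def pg_md5_response(stored: str, salt: bytes) -> str:
    """Answer to AuthenticationMD5Password: "md5" + md5(hexdigest || salt).
    Only the stored hex digest and the 4-byte salt go into it; the password does not."""
    if not stored.startswith("md5") or len(salt) != 4:
        raise ValueError("expected an md5 verifier and a 4-byte salt")
    return "md5" + hashlib.md5(stored[3:].encode() + salt).hexdigest()

def md5_method_accepts(stored: str, salt: bytes, response: str) -> bool:
    """Server side of hba 'md5': recompute the expected response from the stored verifier."""
    return hmac.compare_digest(pg_md5_response(stored, salt), response)

def password_method_accepts(stored: str, username: str, cleartext: str) -> bool:
    """Server side of hba 'password': the cleartext crosses the wire and is hashed on
    arrival, so a holder of pg_shadow would first have to invert the hash to log in."""
    return hmac.compare_digest(pg_md5_stored(username, cleartext), stored)

def honest_client(username: str, password: str, salt: bytes) -> str:
    """A real client derives the verifier from the password, then answers the challenge."""
    return pg_md5_response(pg_md5_stored(username, password), salt)

def demo() -> dict:
    user, pw = "paul", "correct horse"        # constructed sample credentials
    stored = pg_md5_stored(user, pw)           # what a reader of pg_shadow sees
    salt_a, salt_b = b"\x01\x02\x03\x04", b"\x04\x03\x02\x01"  # per-connection salts
    return {
        "honest_login_ok": md5_method_accepts(stored, salt_a, honest_client(user, pw, salt_a)),
        # The thread's point: the stored value alone answers an md5 challenge.
        "stored_value_alone_ok": md5_method_accepts(stored, salt_a, pg_md5_response(stored, salt_a)),
        # What md5 auth does protect: a sniffed response fails against a fresh salt.
        "replay_ok": md5_method_accepts(stored, salt_b, honest_client(user, pw, salt_a)),
        # Under hba 'password' the stored hash is not itself a usable credential.
        "stored_value_as_cleartext_ok": password_method_accepts(stored, user, stored),
    }

if __name__ == "__main__":
    print(demo())
```

Later PostgreSQL releases added scram-sha-256, whose stored verifier cannot be turned into a valid client response this way.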