* Paul Tillotson ([EMAIL PROTECTED]) wrote: > Maybe I misunderstood, but I thought that others were saying that, if > someone gets the contents of pg_shadow, then > > - if you use only "password" in your pg_hba.conf, he has to break one of > the hashes first in order to log in. > - but if you use "md5" in your pg_hba.conf, then he doesn't have to > break the hashes at all.
(in order to authenticate to your Postgres installation as a given user) > Is this correct? Yes, this is correct. > I guess I personally felt "betrayed" when I heard this since I (naively) Me too. :/ > assumed that the point of hashing passwords was to make it so that > someone who is able to read your database is prevented from logging in > and corrupting the data, installing root-kits, etc. The hash in pg_shadow should only be visible to the database superuser, or someone who has access to the unix account postgres runs as. > Now I see that the point of md5 authenticate is to address an entirely > different problem, namely, having the cleartext password being captured > on the wire. The intention of the 'md5' method in pg_hba.conf is to avoid having the password go over the network in the clear, yes. Unfortunately, this pretty much requires that the database have something which is password-equivilant stored on disk. Thanks, Stephen
signature.asc
Description: Digital signature