Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Дата
Msg-id 16115.1114100027@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Stephen Frost <sfrost@snowman.net>)
Ответы Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords  (Stephen Frost <sfrost@snowman.net>)
Список pgsql-hackers
Дерево обсуждения 
Stephen Frost <sfrost@snowman.net> writes:
> I'd also like to point out that this is *only* an issue for the 'md5'
> authentication mechanism in pg_hba.conf, which I think should be=20
> discouraged in favor of 'password' and SSL/IPSEC.

This is still utter nonsense.  How can md5 be less secure than storing
your password in the clear?

Whether you want the extra security of IPSEC is an orthogonal discussion
really; if your connection goes over an insecure network then you most
likely need it in order to hide your data, never mind your password.
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Stephen Frost
Дата:
Сообщение: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
Следующее
От: "Joshua D. Drake"
Дата:
Сообщение: Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords