"Dave Page" <dpage@vale-housing.co.uk> writes:
>> Is there any way/what are the ways to secure the passwords
>> sent by the PGODBC driver to the DB?
> Use md5 passwords. It won't prevent a replay attack, but at least they
> won't be plain text.
Actually md5 does make a replay attack substantially harder. What goes
over the wire is an md5 checksum of the cleartext password plus username
plus a 4-byte salt chosen on-the-fly by the server. So a replay
attacker would have to be lucky enough to be challenged with the same
salt he'd seen used before.
regards, tom lane
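
The exchange described above, as an added example that is not part of the original message: both sides of a salted md5 challenge, showing a captured response verifying only under the salt it was computed for. The two-stage hashing and the "md5" prefix follow PostgreSQL's md5 authentication method; the class, function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(username: str, password: str) -> str:
    # What the server keeps instead of the cleartext: md5(password + username).
    return md5_hex(password.encode() + username.encode())


def client_response(username: str, password: str, salt: bytes) -> str:
    # What goes over the wire: "md5" + md5(stored_verifier + 4-byte salt).
    inner = stored_verifier(username, password)
    return "md5" + md5_hex(inner.encode() + salt)


class Server:
    """Hypothetical server side: issues a salt, then checks the response."""

    def __init__(self, users: dict):
        self.verifiers = {u: stored_verifier(u, p) for u, p in users.items()}

    def challenge(self) -> bytes:
        # 4-byte salt chosen on the fly for each authentication attempt.
        return os.urandom(4)

    def verify(self, username: str, salt: bytes, response: str) -> bool:
        inner = self.verifiers.get(username)
        if inner is None:
            return False
        expected = "md5" + md5_hex(inner.encode() + salt)
        return hmac.compare_digest(expected, response)


def replay_demo() -> tuple:
    # Constructed credentials and fixed salts so the result is repeatable.
    server = Server({"alice": "constructed-password"})
    first_salt = bytes.fromhex("01020304")
    captured = client_response("alice", "constructed-password", first_salt)
    later_salt = bytes.fromhex("a1b2c3d4")  # salt issued on a later attempt
    return (server.verify("alice", first_salt, captured),
            server.verify("alice", later_salt, captured))


if __name__ == "__main__":
    print(replay_demo())
```
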