> > But we don't, do we? I thougth they were hashed.
>
> do
> select * from pg_shadow;
>
> I think that it was agreed that it is better when they can't bw snatched
> from
> network than to have them hashed in db.
> Using currently known technologies we must either either know the
> original password
> and use challenge-response on net, or else use plaintext (or equivalent)
> on the wire.
Yes, I remember now, we hash them with random salt before sending them
to the client, and they are only visible to the postgres user.
-- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026