On Wed, Jul 13, 2005 at 11:18:04PM -0500, Bob wrote:
> Here is the link in case your fingers are broken and it hurts to type;)
> http://www.postgresql.org/docs/8.0/interactive/encryption-options.html
I think the "Password Storage Encryption" paragraph needs a note similar to
what Stephen Frost wrote in
http://archives.postgresql.org/pgsql-hackers/2005-04/msg00634.php
at the end. The encryption-options.html page says:
"If MD5 encryption is used for client authentication, the unencrypted
password is never even temporarily present on the server [...]"
which is right and wrong at the same time because the md5 hash becomes sort
of a new cleartext password.
Joachim