On Tue, Jul 7, 2009 at 10:09 AM, Heikki
Linnakangas<heikki.linnakangas@enterprisedb.com> wrote:
>
> What kind of attacks would this protect against? Seems a bit pointless
> to me if the password is being sent to the server anyway. If the
> attacker has superuser access to the server, he can harvest the
> passwords as the clients send them in. If he doesn't, the usual access
> controls with GRANT/REVOKE would be enough.
It would still protect against offline attacks such as against backup files.
--
greg
http://mit.edu/~gsstark/resume.pdf