Tom Lane wrote:
>Paul Tillotson <pntil@shentel.net> writes:
>
>
>Hm? Using md5 is certainly not any *more* dangerous than any of the
>other possible password-based methods.
>
>
>
Maybe I misunderstood, but I thought that others were saying that, if
someone gets the contents of pg_shadow, then
- if you use only "password" in your pg_hba.conf, he has to break one of
the hashes first in order to log in.
- but if you use "md5" in your pg_hba.conf, then he doesn't have to
break the hashes at all.
Is this correct?
I guess I personally felt "betrayed" when I heard this since I (naively)
assumed that the point of hashing passwords was to make it so that
someone who is able to read your database is prevented from logging in
and corrupting the data, installing root-kits, etc.
Now I see that the point of md5 authentication is to address an entirely
different problem, namely, having the cleartext password captured on the
wire.
Regards,
Paul Tillotson
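The following Python sketch is an added illustration of the trade-off Paul describes; it is not code from the thread or from PostgreSQL. It models the two authentication methods as documented for pg_hba.conf: with "password" the client sends the cleartext and the server hashes it for comparison with pg_shadow, while with "md5" the server sends a random salt and the client answers with md5(stored_hash_hex || salt). The user name, password and salt are constructed sample values, and the helper names are this example's own.

```python
import hashlib
import os

# ---- what pg_shadow stores for the md5 method -------------------------------

def pg_md5_stored(username: str, password: str) -> str:
    """pg_shadow value for the md5 method: 'md5' + hex(md5(password || username))."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


# ---- pg_hba.conf method "password": cleartext on the wire -------------------

def password_method_verifies(stored: str, username: str, cleartext: str) -> bool:
    """Server side: hash the cleartext the client sent and compare with pg_shadow.
    Only the real password makes this succeed; the stored hash itself does not."""
    return pg_md5_stored(username, cleartext) == stored


# ---- pg_hba.conf method "md5": salted challenge/response --------------------

def md5_challenge() -> bytes:
    """Server side: 4 random salt bytes sent in AuthenticationMD5Password."""
    return os.urandom(4)


def md5_response_from_password(username: str, password: str, salt: bytes) -> str:
    """Client side: what a client holding the real password sends back."""
    inner = hashlib.md5((password + username).encode()).hexdigest()
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()


def md5_response_from_stored(stored: str, salt: bytes) -> str:
    """The same response, derived from the pg_shadow value alone.
    The server must compute exactly this to verify a client, which is why
    the stored value is password-equivalent under the md5 method."""
    inner = stored[len("md5"):]          # strip the 'md5' prefix, keep 32 hex chars
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()


def md5_method_verifies(stored: str, salt: bytes, response: str) -> bool:
    """Server side check for the md5 method."""
    return md5_response_from_stored(stored, salt) == response


def demo() -> dict:
    """Walk through both methods with constructed credentials (not real ones)."""
    user, password = "alice", "correct horse battery"   # constructed sample values
    stored = pg_md5_stored(user, password)
    salt = md5_challenge()

    genuine = md5_response_from_password(user, password, salt)
    from_hash_only = md5_response_from_stored(stored, salt)

    return {
        # "password" method: the cleartext works, the hash string does not
        "password_method_with_cleartext": password_method_verifies(stored, user, password),
        "password_method_with_hash_string": password_method_verifies(stored, user, stored),
        # "md5" method: a response built from pg_shadow alone is indistinguishable
        "md5_method_with_password": md5_method_verifies(stored, salt, genuine),
        "md5_responses_identical": genuine == from_hash_only,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two results at the end are the point of the thread: under "password" the leaked pg_shadow value still has to be cracked before it is useful, whereas under "md5" the stored value alone produces a valid response for any salt. The practical consequence for a defender is that pg_shadow must be protected as strictly as the passwords themselves, and that the md5 method protects only against capture of the cleartext on the wire.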