Bruce Momjian <maillist@candle.pha.pa.us> writes:
> OK, lets review this, with thought about our various authentication
> options:
>
> trust, password, ident, crypt, krb4, krb5
>
> As far as I know, they all transmit queries and results as clear text
> across the network. They encrypt the passwords and tickets, but not the
> data. [Even kerberos does not encrypt the data stream, does it?]
True. Encrypted communication should be an option, though. With
Kerberos, the ability to do this securely is already there in the
library, so it would be natural to use it. Adding encryption to the
communication between client and postmaster is probably a good thing
even if we don't (yet) encrypt that between client and backend, and
would also be a good, simple way to start implementing it.
-tih
--
Popularity is the hallmark of mediocrity. --Niles Crane, "Frasier"