"Frank Ch. Eigler" <fche@redhat.com> writes:
> Oh, I see finally. You already put a custom little
> challenge/response authentication scheme into postgresql,
> and want to keep that working. (May I ask when/why that
> went in at all?
Long before any of the current generation of developers, AFAIK.
> Was lower-layer encryption not an option?)
What lower layer? This code predates SSL by a good bit.
In any case, as several people have pointed out, one may well want to
guard one's password more carefully than one guards the entire session
contents. Running SSL on a session that may transfer many megabytes
is a lot of overhead.
regards, tom lane