Re: [HACKERS] Enhancements to passwordcheck

From Michael Paquier
Subject Re: [HACKERS] Enhancements to passwordcheck
Date
Msg-id CAB7nPqRY8R=aJVtGYsw1mtKByiFko7qr0DtPDwyodCq1X4LmSQ@mail.gmail.com
In reply to Re: [HACKERS] Enhancements to passwordcheck  (Albe Laurenz <laurenz.albe@wien.gv.at>)
List pgsql-hackers
On Wed, Sep 27, 2017 at 6:05 PM, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
> I had the impression that the reasons why database passwords are
> not the best option for high security were:
> 1) The password hash is stored in the database and can be stolen and
>    cracked (don't know if dictionary attacks are harder with SCRAM).
> 2) The password or the password hash are transmitted to the server
>    when you change the password and may be captured.

Having an MD5 hash is enough to connect to the database. No need to crack it.
-- 
Michael

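Why the stored MD5 value is password-equivalent, as an added example that is not part of the original message: the response the server expects in MD5 authentication is derived from the stored verifier and the per-connection salt alone, so an audit should flag every role that still has an `md5` verifier. The role names, password and `SAMPLE_ROWS` (standing in for `pg_authid` rows) are constructed for illustration.

```python
import hashlib
import re

MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
# SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>
SCRAM_RE = re.compile(r"^SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+$")


def md5_verifier(password: str, role: str) -> str:
    """Value PostgreSQL stores in rolpassword for an MD5 role."""
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()


def response_from_password(password: str, role: str, salt: bytes) -> str:
    """Response sent by a client that knows the cleartext password."""
    inner = hashlib.md5((password + role).encode()).hexdigest()
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()


def expected_response(verifier: str, salt: bytes) -> str:
    """Response the server expects: stored verifier and 4-byte salt only."""
    return "md5" + hashlib.md5(verifier[3:].encode() + salt).hexdigest()


def classify_verifier(rolpassword):
    """Classify a rolpassword value by its storage format."""
    if rolpassword is None:
        return "no-password"
    if MD5_RE.match(rolpassword):
        return "md5"
    if SCRAM_RE.match(rolpassword):
        return "scram-sha-256"
    return "unknown"


def roles_with_md5(rows):
    """Roles whose stored verifier is password-equivalent (MD5 format)."""
    return sorted(role for role, v in rows if classify_verifier(v) == "md5")


# Constructed sample rows: (rolname, rolpassword)
SAMPLE_ROWS = [
    ("app", md5_verifier("s3cret", "app")),
    ("reporting", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy"),
    ("nologin", None),
]

if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04"  # constructed per-connection salt
    same = response_from_password("s3cret", "app", salt) == expected_response(SAMPLE_ROWS[0][1], salt)
    print("verifier alone reproduces the response:", same)
    print("roles to migrate to SCRAM:", roles_with_md5(SAMPLE_ROWS))
```
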
