Re: ssl and/or md5 encryption

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Colton A Smith <smith(at)cs(dot)utk(dot)edu>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: ssl and/or md5 encryption
Date: 2005-12-06 17:42:28
Message-ID: 20051206174228.GA21130@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Wed, Nov 30, 2005 at 08:24:34 -0500,
Colton A Smith <smith(at)cs(dot)utk(dot)edu> wrote:
>
> I specify md5 encryption in my pg_hba.conf file. Would using SSL on
> top of this be overkill?

md5 password hashing doesn't buy a whole lot.
If packet sniffing is a significant threat for you, you probably want to
consider forcing clients to use ssl.
If you have cpu cycles to burn, you probably also want to use it.

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Dario Brignardello 2005-12-06 18:00:57 Re: error while creating database
Previous Message Guido Barosio 2005-12-06 15:55:16 Re: error while creating database