The doc says « if you are at all concerned about password
"sniffing" attacks then md5 is preferred. » but does not say why.
It would seem that an MD5 hash can be sniffed and replayed just as
well as a clear-text password.
Maybe the doc needs to explain why "md5" is more secure than
"password". Or, if it isn't, say so.
André Majorel http://www.teaser.fr/~amajorel/