Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 04:30:53
Message-ID: 4775CD7D.5010806@mark.mielke.cc (view raw or flat)
Thread:
Lists: pgsql-hackers
Bruce Momjian wrote:
> OK, updated paragraph:
>
>     It is possible to have authentication without encryption overhead by
>     using <literal>NULL-SHA</> or <literal>NULL-MD5</> ciphers.  However,
>     a man-in-the-middle could read and pass communications between client
>     and server.  Also, encryption overhead is minimal compared to the
>     overhead of authentication.  For these reasons NULL ciphers are not
>     recommended.
>   
Looks good!

Cheers,
mark

-- 
Mark Mielke <mark(at)mielke(dot)cc>

In response to

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2007-12-29 05:40:13
Subject: Re: minimal update
Previous:From: Bruce MomjianDate: 2007-12-29 04:26:45
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group