Skip site navigation (1) Skip section navigation (2)

Re: crypt auth

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: crypt auth
Date: 2008-10-27 11:11:26
Message-ID: 4905A1DE.5030102@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers 
Magnus Hagander wrote:
> I notice our docs have:
> 
>     If you are at all concerned about password
>     <quote>sniffing</> attacks then <literal>md5</> is preferred, with
>     <literal>crypt</> to be used only if you must support pre-7.2
>     clients. Plain <literal>password</> should be avoided especially for
> 
> 
> At what point do we just remove the support and say that people need to
> upgrade their clients? Sure, it's up to ppl not to configure it that
> way, but security-wise it's a foot-gun that I think is completely
> unnecessary.

Here's a patch that does this. Will apply unless there are objections.

//Magnus
Attachment: cryptauth.patch
Description: text/x-diff (14.9 KB)

In response to

  • crypt auth at 2008-10-20 09:02:58 from Magnus Hagander

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2008-10-27 11:25:28
Subject: Parsing errors in pg_hba.conf
Previous:From: Heikki LinnakangasDate: 2008-10-27 10:59:51
Subject: Re: ERRORDATA_STACK_SIZE exceeded (server crash)

Privacy Policy | About PostgreSQL
Copyright © 1996-2013 The PostgreSQL Global Development Group