Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> on the other hand, a packet sniffer can also grab your password,
> make his own connection to the server, and wreak much more havoc
> than just issuing a cancel. I don't see that this adds any
> vulnerability that wasn't there before.
Ahem. Not true for those of us who use Kerberos authentication.
We never send our passwords over the network, instead using them
as (part of) a key that's used to encrypt other data.
-tih
--
Popularity is the hallmark of mediocrity. --Niles Crane, "Frasier"