From: | Arthur Silva <arthurprs(at)gmail(dot)com> |
---|---|
To: | Peter Geoghegan <pg(at)heroku(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: reducing our reliance on MD5 |
Date: | 2015-02-11 02:55:45 |
Message-ID: | CAO_YK0XM44q4Z7gKpfCFtFWVTKN8DLJC=rAEzTiMYs8yog6A7A@mail.gmail.com |
Lists: | pgsql-hackers |
On Tue, Feb 10, 2015 at 11:25 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
> On Tue, Feb 10, 2015 at 5:22 PM, Arthur Silva <arthurprs(at)gmail(dot)com> wrote:
> > I assume if the hacker can intercept the server unencrypted traffic and/or
> > has access to its hard-drive the database is compromised anyway.
>
> That sounds like an argument against hashing the passwords in general.
>
>
> --
> Peter Geoghegan
>
Indeed.
In a perfect world SCRAM would be my choice. FWIW MongoDB 3.0 also uses
SCRAM as the preferred method for password-based authentication.