Re: PostgreSQL Password Cracker

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: mlw <pgsql(at)mohawksoft(dot)com>, Devrim GUNDUZ <devrim(at)tr(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: PostgreSQL Password Cracker
Date: 2003-01-02 04:17:59
Message-ID: 16836.1041481079@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> What do others think? I am not sure myself.

There should definitely be someplace that recommends using SSL across
insecure networks (if there's not already). But it doesn't seem to me
to qualify as a FAQ entry. Somewhere in the admin guide seems more
appropriate. Perhaps under Client Authentication?

Maybe someone could even put together enough material to create a whole
chapter on security considerations --- this is hardly the only item
worthy of mention.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2003-01-02 04:27:59 Re: PostgreSQL Password Cracker
Previous Message Bruce Momjian 2003-01-01 23:44:58 Re: PostgreSQL Password Cracker