Re: PostgreSQL Password Cracker

I'll do that. Justin: What's the URL for the .pgpass stuff? So far I see
mention of using SSL. That's two items to cover. Anything else?

On Wed, 1 Jan 2003, Bruce Momjian wrote:

>
> Yes, I have been feeling we should do that. Justin pointed out just
> yesterday that .pgpass is only mentioned in libpq documentation, and in
> fact there is lots of stuff mentioned in libpq that releates to the
> other interfaces, so it should be pulled out and put in one place.
>
> Does anyone want to tackle this?
>
> ---------------------------------------------------------------------------
>
> Tom Lane wrote:
> > Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > > What do others think? I am not sure myself.
> >
> > There should definitely be someplace that recommends using SSL across
> > insecure networks (if there's not already). But it doesn't seem to me
> > to qualify as a FAQ entry. Somewhere in the admin guide seems more
> > appropriate. Perhaps under Client Authentication?
> >
> > Maybe someone could even put together enough material to create a whole
> > chapter on security considerations --- this is hardly the only item
> > worthy of mention.
> >
> > regards, tom lane
> >
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square, Pennsylvania 19073
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
>