crypt auth

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: crypt auth
Date: 2008-10-20 09:02:58
Message-ID: 48FC4942.8040206@hagander.net
Lists: pgsql-hackers

I notice our docs have:

If you are at all concerned about password
<quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</> to be used only if you must support pre-7.2
clients. Plain <literal>password</> should be avoided especially for

At what point do we just remove the support and say that people need to
upgrade their clients? Sure, it's up to ppl not to configure it that
way, but security-wise it's a foot-gun that I think is completely
unnecessary.

//Magnus
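
Added example, not part of the original message: a small audit of `pg_hba.conf`, the file where PostgreSQL authentication methods are set, that reports records still using `crypt` or plain `password`. The function names and the sample file are constructed for illustration, and the parser assumes plain whitespace-separated records with no quoted fields or include directives.

```python
import ipaddress

# Methods the quoted docs warn about: plain "password" should be avoided,
# and "crypt" is only for pre-7.2 clients.
WEAK_METHODS = {"password": "cleartext password on the wire",
                "crypt": "legacy method, only needed for pre-7.2 clients"}
HOST_TYPES = {"host", "hostssl", "hostnossl"}

def _is_netmask(token):
    """True if token is a bare IP address, i.e. the separate-mask form."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def auth_method(fields):
    """Return the auth method of one pg_hba.conf record, or None if malformed."""
    if not fields:
        return None
    if fields[0] == "local":
        idx = 3                      # local DATABASE USER METHOD
    elif fields[0] in HOST_TYPES:
        # host DATABASE USER CIDR METHOD  or  host DATABASE USER IP MASK METHOD
        idx = 5 if len(fields) > 5 and _is_netmask(fields[4]) else 4
    else:
        return None
    return fields[idx] if len(fields) > idx else None

def audit_hba(text):
    """Return (line_number, method, reason) for each record using a weak method."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        method = auth_method(fields)
        if method in WEAK_METHODS:
            findings.append((lineno, method, WEAK_METHODS[method]))
    return findings

# Constructed sample, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all       all                               md5
host    all       all   127.0.0.1/32                md5
host    legacy    app   192.168.1.0  255.255.255.0  crypt
hostssl all       all   0.0.0.0/0                   password
host    all       all   10.0.0.0/8                  md5   # was crypt
"""
```

Calling `audit_hba()` on the text of a real `pg_hba.conf` returns one tuple per record that would need to change before `crypt` support could be dropped.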
