Re: crypt auth

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: crypt auth
Date: 2008-10-27 11:11:26
Message-ID: 4905A1DE.5030102@hagander.net
Lists: pgsql-hackers

Magnus Hagander wrote:
> I notice our docs have:
>
> If you are at all concerned about password
> <quote>sniffing</> attacks then <literal>md5</> is preferred, with
> <literal>crypt</> to be used only if you must support pre-7.2
> clients. Plain <literal>password</> should be avoided especially for
>
>
> At what point do we just remove the support and say that people need to
> upgrade their clients? Sure, it's up to ppl not to configure it that
> way, but security-wise it's a foot-gun that I think is completely
> unnecessary.

Here's a patch that does this. Will apply unless there are objections.

//Magnus

Attachment Content-Type Size
cryptauth.patch text/x-diff 14.9 KB

In response to

  • crypt auth at 2008-10-20 09:02:58 from Magnus Hagander
