From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: crypt auth |
Date: | 2008-10-27 11:11:26 |
Message-ID: | 4905A1DE.5030102@hagander.net |
Lists: | pgsql-hackers |
Magnus Hagander wrote:
> I notice our docs have:
>
> If you are at all concerned about password
> <quote>sniffing</> attacks then <literal>md5</> is preferred, with
> <literal>crypt</> to be used only if you must support pre-7.2
> clients. Plain <literal>password</> should be avoided especially for
>
>
> At what point do we just remove the support and say that people need to
> upgrade their clients? Sure, it's up to ppl not to configure it that
> way, but security-wise it's a foot-gun that I think is completely
> unnecessary.

Here's a patch that does this. Will apply unless there are objections.
//Magnus
Attachment | Content-Type | Size |
---|---|---|
cryptauth.patch | text/x-diff | 14.9 KB |