Re: Encrypting pg_shadow passwords

> > The wire is clearly less secure than pg_shadow.
> 
> ah, you've not had a client rooted lately.

I think most people would disagree.

> the wire is far more secure than many default OS installations.

Maybe time for a new OS.  We run on some pretty secure OS's.

> i will not argue that the double-encryption stuff, and MD5 type stuff is
> better.
> 
> however, forcing the dbadmin to store plain-text passwords in pg_shadow
> is at best unwise.
> 
> giving them the option of my mods is a reasonable step towards allowing
> them to avoid that one-stop-shopping facility for crackers, without breaking
> any existing implementations for those who chose to walk what i consider
> an unsafe path.

The big problem is that when we make a change we have to also talk to
old clients to you would have a pretty complex setup to have 'password'
encryption passing the same crypt over the wire all the time.  If not,
why not use 'crypt' authentication.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026