Re: Re: Encrypting pg_shadow passwords
From | Frank Ch. Eigler |
---|---|
Subject | Re: Re: Encrypting pg_shadow passwords |
Date | |
Msg-id | 20010627112706.B7873@redhat.com |
In reply to | Re: Re: Encrypting pg_shadow passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-hackers |
Hi -

tgl wrote:
: [...]
: > : What this discussion seems to come down to is whether we should take a
: > : backward step in one area of security (security against wire-sniffing)
: > : to take a forward step in another (not storing plaintext passwords).
:
: > It seems to me that the two issues are orthogonal.
:
: In the abstract yes, but not when you have a constraint that you can't
: change the protocol or the client-side code. Remember we are talking
: about a backwards-compatibility mode.

Having scanned over the discussion again, my understanding is that Jim's proposed changes don't affect backwards compatibility. As long as user passwords continue to be passed in plaintext to the server, the server can store encrypted passwords in the authentication table.

Protecting against wire snooping could properly be left to another layer, which might indeed require client & server changes (unless performed by some external system like stunnel). Wouldn't that be sufficient, and avoid the need to invent anything special just for postgresql?

- FChE