Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Stephen Frost wrote:
-- Start of PGP signed section.
> * Andrew Dunstan (andrew@dunslane.net) wrote:
> > I think the behaviour on the wire should be more explcitly stated.
> 
> Please comment on the message I just sent to -hackers which has a much
> longer and more detailed explanation of what happens.

The next paragraph in the docs is:
   If you are at all concerned about password   <quote>sniffing</> attacks then <literal>md5</> is preferred, with
<literal>crypt</>a second choice if you must support pre-7.2   clients. Plain <literal>password</> should especially be
avoidedfor   connections over the open Internet (unless you use <acronym>SSL</acronym>, SSH, or   other communications
securitywrappers around the connection).
 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073