Re: Rejecting weak passwords

From: Robert Haas
Subject: Re: Rejecting weak passwords
Date:
Msg-id: 603c8f070910151055t448d50cck8478c1c0a832946f@mail.gmail.com
In reply to: Re: Rejecting weak passwords (Dave Page <dpage@pgadmin.org>)
Responses: Re: Rejecting weak passwords (Dave Page <dpage@pgadmin.org>)
List: pgsql-hackers
On Thu, Oct 15, 2009 at 1:47 PM, Dave Page <dpage@pgadmin.org> wrote:
> On Thu, Oct 15, 2009 at 6:43 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Robert Haas <robertmhaas@gmail.com> writes:
>>> If we were using some kind of real public key system and someone
>>> suggested breaking it to add password complexity checking, I would
>>> understand the outrage here.  But I don't understand why everyone is
>>> so worked up about having an *optional* *flag* to force plaintext
>>> instead of MD5.  I might be wrong here, but can't a determined
>>> attacker brute-force an MD5 anyway?  The very fact that people are
>>> suggesting that password checking might be feasible even on a
>>> pre-MD5'd password by using a dictionary suggests that we're not
>>> getting a whole lot of real security here.  And even if not, dude,
>>> it's an *optional* *flag*.
>>
>> Yes, and it's an optional flag that could perfectly well be implemented
>> in the plugin that I think we do have consensus to add a hook for.
>> The argument is over why do we need to litter the core system with it.
>
> I already said that would suit me. The only other requirement I would
> have is a way for pgAdmin or other clients to figure out if that flag
> was set so they could construct queries appropriately (and yes, that
> could include refusing to send plain text passwords over non-SSL
> connections).

OK, so we're in violent agreement here?  Except for figuring out how
an API for checking the flag?  Could they just try it with MD5 first
and then fall back if that says "no MD5"?

...Robert
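The negotiation sketched in this exchange, as an added illustration that is not code from the thread or from PostgreSQL itself: a toy server with a hypothetical `require_plaintext` flag, a client that tries the MD5 form first and falls back to plaintext only on a "no MD5" reply and only over SSL, and the two policy checks side by side, showing that an already-MD5'd value can only be compared against a banned-word list while length and character-class rules need the plaintext. The only PostgreSQL-specific fact used is the stored MD5 form `md5` + md5(password || username); the flag name, statuses and banned list are assumptions constructed for the example.

```python
import hashlib
import re

# Constructed sample data (not from the thread): a tiny banned-password list.
WEAK_PASSWORDS = ["password", "123456", "postgres", "qwerty"]


def pg_md5(password: str, username: str) -> str:
    """PostgreSQL's stored MD5 form: 'md5' followed by md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode("utf-8")).hexdigest()


def check_plaintext_policy(password: str) -> list:
    """Checks that need the plaintext: length, character classes, banned list."""
    problems = []
    if len(password) < 8:
        problems.append("too short")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if password.lower() in WEAK_PASSWORDS:
        problems.append("in weak-password list")
    return problems


def check_md5_policy(stored: str, username: str) -> list:
    """All a server can do with an already-MD5'd value: re-hash each banned word
    with the username and compare. Length and character-class rules are invisible."""
    for weak in WEAK_PASSWORDS:
        if pg_md5(weak, username) == stored:
            return ["in weak-password list"]
    return []


class PasswordServer:
    """Toy server; 'require_plaintext' is a hypothetical name for the optional flag."""

    def __init__(self, require_plaintext: bool):
        self.require_plaintext = require_plaintext

    def set_password(self, username: str, value: str):
        """Returns (status, problems); status is 'ok', 'rejected' or 'no MD5'."""
        if re.fullmatch(r"md5[0-9a-f]{32}", value):
            if self.require_plaintext:
                return ("no MD5", [])
            problems = check_md5_policy(value, username)
        else:
            problems = check_plaintext_policy(value)
        return ("rejected", problems) if problems else ("ok", [])


def client_set_password(server, username: str, password: str, ssl: bool):
    """Try MD5 first; fall back to plaintext only when the server answers 'no MD5',
    and never over a non-SSL connection."""
    status, problems = server.set_password(username, pg_md5(password, username))
    if status != "no MD5":
        return (status, problems)
    if not ssl:
        return ("refused", ["server requires plaintext but connection is not SSL"])
    return server.set_password(username, password)
```

With the flag set, a client on a plain TCP connection stops before any plaintext leaves the machine; with the flag clear, the server still catches banned words but cannot see that a three-character password is too short.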

