Bruce Momjian <bruce@momjian.us> writes:
> Tom Lane wrote:
>> But the main point is to hide the cleartext password, in any case.
> What if we added a GUC that only allowed password changes via an SSL
> connection.

How's that help? The user has already exposed their new choice of
password to any hypothetical eavesdropper. Of course, if they're smart,
they'll pick a different password before they try again on a secure
connection ... but good luck hoping for that.

(And, again, there is ABSOLUTELY NO NEED for us to put such debatable
policies into the core. Anyone who thinks that's a good idea can have
his password-check plugin enforce it.)

regards, tom lane