On Wed, Jul 13, 2005 at 11:18:04PM -0500, Bob wrote: > Here is the link in case your fingers are broken and it hurts to type;) > http://www.postgresql.org/docs/8.0/interactive/encryption-options.html
I think the "Password Storage Encryption" paragraph needs a note similar to what Stephen Frost wrote in http://archives.postgresql.org/pgsql-hackers/2005-04/msg00634.php at the end. The encryption-options.html page says: "If MD5 encryption is used for client authentication, the unencrypted password is never even temporarily present on the server [...]" which is right and wrong at the same time because the md5 hash becomes sort of a new cleartext password. Joachim ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org
