On Thu, 25 Apr 2002 13:32:27 -0400 "Tom Lane" <[EMAIL PROTECTED]> wrote: > Neil Conway <[EMAIL PROTECTED]> writes: > > IMHO, there are two separate processes going on here: > > The connection you are missing is that hashed password storage is > incompatible with crypt-style password transmission.
Ah, ok -- that makes sense. > If we force > hashed storage then the only password transmission style available > to pre-7.2 clients is cleartext. It's not at all clear that securing > the on-disk representation is a more important goal than wire security. I'd agree they are both important. How many pre-7.2 clients are actually out there? If 'crypt' authentication is deprecated in 7.2, is there any chance it will be removed in 7.3? If it is, it should be safe to switch to the scheme I mentioned in my previous email, which is both less complicated, and "secure-by-default". Cheers, Neil -- Neil Conway <[EMAIL PROTECTED]> PGP Key ID: DB3C29FC ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
