Marc G. Fournier wrote: > On Wed, 31 Jul 2002, Bruce Momjian wrote: > > > Ron Snyder wrote: > > > > > > > > Yes, is that your pg_hba.conf line? 'password' is insecure over > > > > networks you don't trust. > > > > > > Yes, we're using 'password password' in our pg_hba.conf file. I trust my > > > network (so far). > > > > That is another major limitation to secondary password files. In fact, > > md5 will not even work because we assume the username is used as the > > salt for the md5 encryption. We don't store the salt as part of the > > encrypted password like crypt does. > > > > This was another reason secondary password files were discouraged. > > discouraged?? where? :)
Well. I meant that they had very limited usefulness. You had to trust your network. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
