On Tue, Feb 10, 2015 at 11:25 PM, Peter Geoghegan <p...@heroku.com> wrote:
> On Tue, Feb 10, 2015 at 5:22 PM, Arthur Silva <arthur...@gmail.com> wrote:
> > I assume if the hacker can intercept the server unencrypted traffic and/or
> > has access to its hard-drive the database is compromised anyway.
>
> That sounds like an argument against hashing the passwords in general.
>
> --
> Peter Geoghegan

Indeed. In a perfect world SCRAM would be my choice. FWIW MongoDB 3.0 also uses SCRAM as the preferred method for password-based authentication.