On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote:
> On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex wrote:
> >
> > Implementing a more secure challenge-response based algorithm means
> > a change in the client-server protocol. Perhaps something like SCRAM
&g
Hello all,
A while ago, on pgsql-general, I raised the issue that the password
storage employed by postgres is a little weak and promised I'd look
into this during the holidays, so here are my findings.
Implementing bcrypt instead of md5 is indeed rather straightforward;
just move the pgcrypto bl
