On Thu, Dec 27, 2012 at 5:39 PM, Peter Bex wrote:
> On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote:
>> On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex wrote:
>> >
>> > Implementing a more secure challenge-response based algorithm means
>> > a change in the client-server protocol. Per
On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote:
> On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex wrote:
> >
> > Implementing a more secure challenge-response based algorithm means
> > a change in the client-server protocol. Perhaps something like SCRAM
> > (maybe through SASL) really
On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex wrote:
>
> Implementing a more secure challenge-response based algorithm means
> a change in the client-server protocol. Perhaps something like SCRAM
> (maybe through SASL) really is the way forward for this, but that
> seems like quite a project and it
Hello all,

A while ago, on pgsql-general, I raised the issue that the password
storage employed by postgres is a little weak and promised I'd look
into this during the holidays, so here are my findings.

Implementing bcrypt instead of md5 is indeed rather straightforward;
just move the pgcrypto bl