On Thu, 2009-10-15 at 13:19 -0400, Robert Haas wrote: > But I don't understand why everyone is > so worked up about having an *optional* *flag* to force plaintext > instead of MD5.
It would be pretty bad usability. Users would be faced with the choice: you can have secure authentication or good passwords, but not both. (For some values of "secure" and "good".) I think most people would want both. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers