The doc says « if you are at all concerned about password "sniffing" attacks then md5 is preferred. » but does not say why. It would seem that an MD5 hash can be sniffed and replayed just as well as a clear-text password.
Maybe the doc needs to explain why "md5" is more secure than "password". Or, if it isn't, say so. -- André Majorel http://www.teaser.fr/~amajorel/ -- Sent via pgsql-docs mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-docs
