On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
> ... and, since we can't readily enforce that the client only sends
> those cleartext passwords over suitably-encrypted connections, this
> could easily be a net negative for security. Not sure that I think
> it's a good idea.
I don't understand your point. Can't you just use "hostssl" rather than
"host"?
Also there are some useful cases that don't really require SSL, like
when the client and host are on the same machine, or if you have a
network secured some other way.
Regards,
Jeff Davis
