On Tue, Jul 7, 2009 at 10:09 AM, Heikki Linnakangas<[email protected]> wrote: > > What kind of attacks would this protect against? Seems a bit pointless > to me if the password is being sent to the server anyway. If the > attacker has superuser access to the server, he can harvest the > passwords as the clients send them in. If he doesn't, the usual access > controls with GRANT/REVOKE would be enough.
It would still protect against offline attacks such as against backup files. -- greg http://mit.edu/~gsstark/resume.pdf -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
