Tom Lane wrote: > > pgAdmin MD5's the passwords if you use the GUI to change them, or when > > add a user. It doesn't make any attempt to parse the SQL if you enter > > it yourself in the query tool though (nor is it going to). > > No, I wouldn't expect it to go that far. My point is just that > pre-MD5'd passwords are a lot commoner than Albe seems to think.
Point taken. I thought about it some more, and I think that a password checking hook might still be somewhat useful even for MD5-encrypted passwords; the function could guess and exclude at least that dreadful all-too-frequent case of username = password. Yours, Laurenz Albe -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
