Tom Lane wrote:
> Neil Conway <[EMAIL PROTECTED]> writes:
> > IMHO, there are two separate processes going on here:
>
> The connection you are missing is that hashed password storage is
> incompatible with crypt-style password transmission.  If we force
> hashed storage then the only password transmission style available
> to pre-7.2 clients is cleartext.  It's not at all clear that securing
> the on-disk representation is a more important goal than wire security.
> (Perhaps it is for some cases, but in other cases it's surely not.)
> So the parameter variable is there to let the DBA choose which he's
> more worried about.
>
> We should probably change the default setting for 7.3, but I don't
> think we'll be able to force hashed storage of passwords in all
> installations for awhile longer yet.

If we change that default in 7.3, pg_dump reload will md5 encrypt the
passwords supplied from 7.2.  Is that OK, and we can require them to set
it to 'false' if they want pre-7.2 crypt compatibility?  If so, I can
make the change.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                    |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
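
The trade-off discussed in this thread, as an added example (not code from the thread or from PostgreSQL): a server holding only the md5 form can check an md5 challenge response or a cleartext password, but not a crypt-style response, which needs the cleartext. The md5 formulas follow PostgreSQL's md5 authentication; `crypt_standin` is a hypothetical SHA-256 stand-in for crypt(3), and the user, password and salt are constructed.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_md5(password: str, user: str) -> str:
    # Hashed on-disk form: "md5" + md5(password || username).
    return "md5" + md5_hex((password + user).encode())

def md5_response(stored: str, salt: bytes) -> str:
    # md5 wire response: "md5" + md5(stored_hex || per-connection salt).
    return "md5" + md5_hex(stored[3:].encode() + salt)

def crypt_standin(password: str, salt: bytes) -> str:
    # Hypothetical stand-in for crypt(3): a one-way function of the
    # CLEARTEXT password and the salt the server sent.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def is_hashed(stored: str) -> bool:
    return len(stored) == 35 and stored.startswith("md5")

def server_verify(stored, user, method, salt, response):
    """True/False for a checked response; None if storage rules the method out."""
    if method == "md5":
        base = stored if is_hashed(stored) else stored_md5(stored, user)
        expected = md5_response(base, salt)
    elif method == "crypt":
        if is_hashed(stored):
            return None  # cleartext is gone; crypt(password, salt) cannot be rebuilt
        expected = crypt_standin(stored, salt)
    elif method == "password":
        # Cleartext on the wire: hash what arrived if storage is hashed.
        if is_hashed(stored):
            response = stored_md5(response, user)
        expected = stored
    else:
        raise ValueError(method)
    return hmac.compare_digest(expected, response)

def demo():
    user, pw, salt = "alice", "s3cret", b"\x01\x02\x03\x04"  # constructed
    hashed = stored_md5(pw, user)
    out = {}
    for label, stored in (("hashed", hashed), ("cleartext", pw)):
        out[label] = {
            "md5": server_verify(stored, user, "md5", salt, md5_response(hashed, salt)),
            "crypt": server_verify(stored, user, "crypt", salt, crypt_standin(pw, salt)),
            "password": server_verify(stored, user, "password", salt, pw),
        }
    return out
```

With hashed storage, a client that speaks only crypt or cleartext is left with `password`, which is the wire-security cost the quoted message points out.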