Ron Snyder wrote: > > > > Yes, is that your pg_hba.conf line? 'password' is insecure over > > networks you don't trust. > > Yes, we're using 'password password' in our pg_hba.conf file. I trust my > network (so far).
That is another major limitation to secondary password files. In fact, md5 will not even work because we assume the username is used as the salt for the md5 encryption. We don't store the salt as part of the encrypted password like crypt does. This was another reason secondary password files were discouraged. Let me look at adding the colon password capability and see what it looks like. -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
