Stephen Frost <> writes:
> * Tom Lane ( wrote:
>> What happened to "possession of the contents of pg_authid is sufficient
>> to log in"?  I thought fixing that was one of the objectives here.

> Yes, it certainly was.  I think Bruce was thinking that we could simply
> hash what goes on to disk with an additional salt that's stored, but
> that wouldn't actually work without requiring a change to the wireline
> protocol, which is the basis of this entire line of discussion, in my
> view.

Hm, well, "don't change the wireline protocol" could be another wanna-have
... but if we want to stop using MD5, that's not really a realistic goal
is it?

                        regards, tom lane

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to