Stephen Frost <[email protected]> writes:
> * Tom Lane ([email protected]) wrote:
>> What happened to "possession of the contents of pg_authid is sufficient
>> to log in"? I thought fixing that was one of the objectives here.
> Yes, it certainly was. I think Bruce was thinking that we could simply
> hash what goes on to disk with an additional salt that's stored, but
> that wouldn't actually work without requiring a change to the wireline
> protocol, which is the basis of this entire line of discussion, in my
> view.
Hm, well, "don't change the wireline protocol" could be another wanna-have
... but if we want to stop using MD5, that's not really a realistic goal
is it?
regards, tom lane
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
