Stephen Frost <sfr...@snowman.net> writes: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> What happened to "possession of the contents of pg_authid is sufficient >> to log in"? I thought fixing that was one of the objectives here.
> Yes, it certainly was. I think Bruce was thinking that we could simply > hash what goes on to disk with an additional salt that's stored, but > that wouldn't actually work without requiring a change to the wireline > protocol, which is the basis of this entire line of discussion, in my > view. Hm, well, "don't change the wireline protocol" could be another wanna-have ... but if we want to stop using MD5, that's not really a realistic goal is it? regards, tom lane -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers