* Bruce Momjian (br...@momjian.us) wrote: > On Wed, Mar 4, 2015 at 05:56:25PM -0800, Josh Berkus wrote: > > So, are we more worried about attackers getting a copy of pg_authid, or > > sniffing the hash on the wire? > > Both. Stephen is more worried about pg_authid, but I am more worried > about sniffing.
I'm also worried about both, but if the admin is worried about sniffing in their environment, they're much more likely to use TLS than to set up client side certificates, kerberos, or some other strong auth mechanism, simply because TLS is pretty darn easy to get working and distros set it up for you by default. Thanks, Stephen
Description: Digital signature