On Wed, Sep 27, 2017 at 6:05 PM, Albe Laurenz <laurenz.a...@wien.gv.at> wrote:
> I had the impression that the reasons why database passwords are
> not the best option for high security were:
> 1) The password hash is stored in the database and can be stolen and
>    cracked (don't know if dictionary attacks are harder with SCRAM).
> 2) The password or the password hash are transmitted to the server
>    when you change the password and may be captured.

Having a MD5 hash is enough to connect to the database. No need to crack it.

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to