On 9/27/17, 7:41 AM, "Peter Eisentraut" <peter.eisentr...@2ndquadrant.com> wrote: > On 9/25/17 23:10, Bossart, Nathan wrote: >> One interesting design challenge will be how to handle pre-hashed >> passwords, since the number of checks we can do on those is pretty >> limited. I'm currently thinking of a parameter that can be used to >> block, allow, or force pre-hashed passwords. > > Pre-hashed passwords are the normal case. You can't break that without > making this module a net loss in security.
A strength in making this configurable is that you could use it to enforce that passwords are pre-hashed. But yes, blocking pre- hashed passwords could be undesirable given an untrusted network or server. Nathan -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers