Stephen Frost wrote:
> Is it actually doing challenge-response where the challenge is different
> each time?

The docs say:

    AuthenticationMD5Password
        The frontend must now send a PasswordMessage containing the password
        encrypted via MD5, using the 4-character salt specified in the
        AuthenticationMD5Password message. If this is the correct password,
        the server responds with an AuthenticationOk, otherwise it responds
        with an ErrorResponse.

A little investigation reveals that this is port->md5salt which is 4
random bytes set up fresh per connection (see src/backend/libpq/auth.c
and src/backend/postmaster/postmaster.c). So it seems indeed to be a
true (small) one time challenge token, unless I've missed something.

cheers
andrew
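
The exchange discussed in this message, as an added example that is not part of the original post and not PostgreSQL's own code: it computes the response the way the protocol documentation defines it, 'md5' followed by md5(md5(password || username) || salt) with the inner digest in hex, and checks it against the per-connection 4-byte salt. Function names and the sample role and password are constructed for illustration.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    """Value the server keeps for the role: 'md5' + md5(password || username)."""
    return "md5" + md5_hex(password.encode() + user.encode())


def new_salt() -> bytes:
    """Fresh 4 random bytes per connection (stands in for port->md5salt)."""
    return os.urandom(4)


def client_response(user: str, password: str, salt: bytes) -> str:
    """PasswordMessage payload: 'md5' + md5(hex(md5(password || username)) || salt)."""
    inner = md5_hex(password.encode() + user.encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_check(verifier: str, salt: bytes, response: str) -> bool:
    """Recompute from the stored verifier and this connection's salt, then compare."""
    expected = "md5" + md5_hex(verifier[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    user, password = "alice", "constructed-sample-password"  # constructed values
    verifier = stored_verifier(user, password)

    salt_1 = new_salt()
    resp_1 = client_response(user, password, salt_1)
    print("connection 1 accepted:", server_check(verifier, salt_1, resp_1))

    # A second connection gets a different salt, so the response from
    # connection 1 no longer matches what the server expects.
    salt_2 = new_salt()
    print("old response valid on connection 2:", server_check(verifier, salt_2, resp_1))
```

The server side needs only the stored verifier and the salt, never the clear-text password; the salt space is 2^32 values, which is the "small" in the message above.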