On Thu, Dec 27, 2012 at 5:39 PM, Peter Bex peter@xs4all.nl wrote:
On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote:
On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex peter@xs4all.nl wrote:
Implementing a more secure challenge-response based algorithm means
a change in the
Hello all,
A while ago, on pgsql-general, I raised the issue that the password
storage employed by postgres is a little weak and promised I'd look
into this during the holidays, so here are my findings.
Implementing bcrypt instead of md5 is indeed rather straightforward;
just move the pgcrypto
On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex peter@xs4all.nl wrote:
Implementing a more secure challenge-response based algorithm means
a change in the client-server protocol. Perhaps something like SCRAM
(maybe through SASL) really is the way forward for this, but that
seems like quite a
On Thu, Dec 27, 2012 at 12:31:08PM -0300, Claudio Freire wrote:
On Thu, Dec 27, 2012 at 11:46 AM, Peter Bex peter@xs4all.nl wrote:
Implementing a more secure challenge-response based algorithm means
a change in the client-server protocol. Perhaps something like SCRAM
(maybe through