On Monday, March 24, 2014 1:19:39 PM CEST, Axel Rau wrote:
We could use the pg extension pgcrypto, which has PGP encryption:
http://www.postgresonline.com/journal/archives/165-Encrypting-data-with-pgcrypto.html
Arnt, can this be put on the TODO list?
It's easy to do without. I expect 100-150 lines of code. It's just that
when you hash or encrypt in the db, you lose the ability to use
challenge/response authentication, so the password becomes much easier to
snoop on the wire.
Patches welcome. Or I'll do it at some point.
Btw, SASL OAUTH makes this problem much smaller, since the "password"
that's sent over the wire is less powerful than the real password.
Arnt
