Jeff Davis <pgsql@j-davis.com> writes:
> On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
>> ... and, since we can't readily enforce that the client only sends
>> those cleartext passwords over suitably-encrypted connections, this
>> could easily be a net negative for security. Not sure that I think
>> it's a good idea.
> I don't understand your point. Can't you just use "hostssl" rather than
> "host"?
My point is that sending cleartext passwords over the wire is an
insecure-by-definition protocol that we shouldn't be encouraging
more use of.
regards, tom lane