"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>If I understand the original objection it's that passwords are stored
>in cleartext on the postmaster machine.
You understand the original objection, but you don't understand the basis for
the objection.
>That's not much of an
>objection since you have to have your secrets available in the clear
>on both ends of a connection if you want the traffic on the
>connection secured.
This is true. However, the problem is that people reuse passwords. By
hashing the password on both ends of the connection with a known random
salt, you achieve the same result as if people did not reuse passwords,
i.e., a root compromise of the postgres server will not give the perpetrator
access to anything other than the specific postgres account on that server.
Without encryption, such a compromise would very likely lead to further
compromises of other services secured by the same password as was used for
postgres access.
Users are their own worst enemy. This is a small thing we can do to protect
them from themselves.
-Michael
