On Wed, 31 Jul 2002, Bruce Momjian wrote:
> Ron Snyder wrote:
> > >
> > > Yes, is that your pg_hba.conf line? 'password' is insecure over
> > > networks you don't trust.
> >
> > Yes, we're using 'password password' in our pg_hba.conf file. I trust my
> > network (so far).
>
> That is another major limitation to secondary password files. In fact,
> md5 will not even work because we assume the username is used as the
> salt for the md5 encryption. We don't store the salt as part of the
> encrypted password like crypt does.
>
> This was another reason secondary password files were discouraged.
discouraged?? where? :)