On Wed, 31 Jul 2002, Bruce Momjian wrote:
> Marc G. Fournier wrote:
> > On Wed, 31 Jul 2002, Bruce Momjian wrote:
> >
> > > Ron Snyder wrote:
> > > > >
> > > > > Yes, is that your pg_hba.conf line? 'password' is insecure over
> > > > > networks you don't trust.
> > > >
> > > > Yes, we're using 'password password' in our pg_hba.conf file. I trust my
> > > > network (so far).
> > >
> > > That is another major limitation to secondary password files. In fact,
> > > md5 will not even work because we assume the username is used as the
> > > salt for the md5 encryption. We don't store the salt as part of the
> > > encrypted password like crypt does.
> > >
> > > This was another reason secondary password files were discouraged.
> >
> > discouraged?? where? :)
>
> Well. I meant that they had very limited usefulness. You had to trust
> your network.
that is the case for alot of software, and alot of networks nowadays are
moving towards encrypted at the switch level, so the local network itself
is considered to be 'secure' ...
But, personally, you sooooooo sold me on that GUC thing that if we could
implement that in time for v7.3, I think alot of ppl would find that
*quite* valuable ...
