Re: PostgreSQL Password Cracker - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: PostgreSQL Password Cracker
Date
Msg-id 200301020427.h024Rxd24517@candle.pha.pa.us
Whole thread Raw
In response to Re: PostgreSQL Password Cracker  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: PostgreSQL Password Cracker
Re: PostgreSQL Password Cracker
List pgsql-hackers
Yes, I have been feeling we should do that.  Justin pointed out just
yesterday that .pgpass is only mentioned in libpq documentation, and in
fact there is lots of stuff mentioned in libpq that releates to the
other interfaces, so it should be pulled out and put in one place.

Does anyone want to tackle this?

---------------------------------------------------------------------------

Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > What do others think?  I am not sure myself.
> 
> There should definitely be someplace that recommends using SSL across
> insecure networks (if there's not already).  But it doesn't seem to me
> to qualify as a FAQ entry.  Somewhere in the admin guide seems more
> appropriate.  Perhaps under Client Authentication?
> 
> Maybe someone could even put together enough material to create a whole
> chapter on security considerations --- this is hardly the only item
> worthy of mention.
> 
>             regards, tom lane
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073
 


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: PostgreSQL Password Cracker
Next
From: "Serguei Mokhov"
Date:
Subject: pg_dump.options.diff