Jorge Godoy wrote:
> On Monday 03 March 2008 08:08:36 Raymond O'Donnell wrote:
>
>> On 03/03/2008 11:01, dfx wrote:
>>
>>> The question is: Is there a method to avoid inserting the addresses of
>>> the clients in the pg_hba.conf and to allow connections from internet
>>> with security assured only by username and password?
>>>
>> Yes, that's what people have been explaining: you insert a line
>> something like:
>>
>> host [database] [user] 0.0.0.0/0 md5
>>
>
> But make it "hostssl" instead of "host", to require some cryptography in the
> channel used, especially to authenticate the connection.
>
> Opening your access to everyone without crypto sounds like something you don't
> want to do. Especially if users can change their own passwords...

My understanding is no password is sent in the clear with md5 per:
http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSWORD
Paul
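
The point raised in the quoted replies, "host" versus "hostssl" on a rule open to 0.0.0.0/0, can be checked mechanically. The following Python check is an added example, not part of the original thread or of PostgreSQL; the sample pg_hba.conf content, the database and user names, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf (not from the thread); names are made up.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER  ADDRESS          METHOD
local    all       all                    md5
host     all       all   127.0.0.1/32     md5
host     appdb     app   0.0.0.0/0        md5
hostssl  appdb     app   0.0.0.0/0        md5
host     appdb     app   0.0.0.0 0.0.0.0  password
host     appdb     app   10.1.0.0/16      md5
"""

# "host" matches SSL and non-SSL connections; "hostnossl" only non-SSL ones.
ALLOWS_PLAINTEXT = {"host", "hostnossl"}


def split_address(fields):
    """Return (network, method) for the fields following TYPE DATABASE USER."""
    if "/" in fields[0]:  # CIDR form: address/masklen METHOD
        return ipaddress.ip_network(fields[0], strict=False), fields[1]
    # Separate-mask form: IP-address IP-mask METHOD
    net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
    return net, fields[2]


def find_open_plaintext_rules(hba_text):
    """Return (line_no, method, rule) for rules open to any address without SSL."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ALLOWS_PLAINTEXT:
            continue  # blank line, comment, local socket, or hostssl rule
        try:
            network, method = split_address(fields[3:])
        except (ValueError, IndexError):
            continue  # host name or keyword address: outside this check
        if network.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append((line_no, method, " ".join(fields)))
    return findings


if __name__ == "__main__":
    for line_no, method, rule in find_open_plaintext_rules(SAMPLE_HBA):
        print(f"line {line_no}: '{rule}' ({method}) is open to any address "
              "without requiring SSL; consider hostssl")
```
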