<div dir="ltr"><br /><div class="gmail_extra"><br /><div class="gmail_quote">On Tue, Feb 10, 2015 at 11:25 PM, Peter
Geoghegan<span dir="ltr"><<a href="mailto:pg@heroku.com" target="_blank">pg@heroku.com</a>></span> wrote:<br
/><blockquoteclass="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class="">OnTue, Feb 10, 2015 at 5:22 PM, Arthur Silva <<a
href="mailto:arthurprs@gmail.com">arthurprs@gmail.com</a>>wrote:<br /> > I assume if the hacker can intercept the
serverunencrypted traffic and/or<br /> > has access to its hard-drive the database is compromised anyway.<br /><br
/></span>Thatsounds like an argument against hashing the passwords in general.<br /><span class="HOEnZb"><font
color="#888888"><br/><br /> --<br /> Peter Geoghegan<br /></font></span></blockquote></div><br /></div><div
class="gmail_extra">Indeed.<br/><br /></div><div class="gmail_extra">In a perfect world SCRAM would be the my choice.
FWIWMongodb 3.0 also uses SCRAM as the preferred method for password based authentication.<br /></div></div>
