Tom Lane wrote:
> > pgAdmin MD5's the passwords if you use the GUI to change them, or when
> > add a user. It doesn't make any attempt to parse the SQL if you enter
> > it yourself in the query tool though (nor is it going to).
>
> No, I wouldn't expect it to go that far. My point is just that
> pre-MD5'd passwords are a lot commoner than Albe seems to think.
Point taken.
I thought about it some more, and I think that a password checking
hook might still be somewhat useful even for MD5-encrypted passwords;
the function could guess and exclude at least that dreadful
all-too-frequent case of username = password.
Yours,
Laurenz Albe
