On Mon, 9 Oct 2000, Tom Lane wrote:
..
> We have talked about adding a higher-security login protocol --- you can
> find past threads about this in the pghackers archive. IIRC a fairly
> complete design was worked out, but no one's got round to implementing
> it yet. There might still have been some unresolved objections, too.
>
> regards, tom lane
Perhaps I didn't make my point clear: The only point of a password is to
protect something. If that something is transmitted in the clear, then
from a hacker's point of view there's almost no point in having a password.
Of course this only applies to fetching data.. updates are a different
story.
So. If working with sensitive data, shouldn't the data be encrypted as
well, not just the login sequence? Is ssh a good way to go (assuming you
have an account on the PG machine), and is what I proposed possible?
-Cedar