Bruce Momjian <pgman@xxxxxxxxxxxxxxxx> writes: > That's what I told him. I think his concern about pre-computed hashes > is the only real issue, and give 'postgres' is usually the super-user, I > can see someone pre-computing md5 postgres hashes and doing quick > comparisons, perhaps as a root kit so you don't have to do the hashing > yourself. I personally don't find that very compelling either. Lessee ... we'll include a complete password hash table in a root kit, which will be used at a point where we've already managed to read pg_shadow but are somehow still lacking the ability to do anything else we could want to the database ... nope, not very compelling. regards, tom lane
