On Wed, Nov 30, 2005 at 08:24:34AM -0500, Colton A Smith wrote: > I specify md5 encryption in my pg_hba.conf file. Would using SSL on > top of this be overkill? Specifying md5 in pg_hba.conf affects only password authentication; everything else will be sent in cleartext. What's your threat model? What do you want to secure? Just authentication, or data transfer as well? -- Michael Fuhr
