On Wed, Nov 30, 2005 at 08:24:34 -0500, Colton A Smith <smith@xxxxxxxxxx> wrote: > > I specify md5 encryption in my pg_hba.conf file. Would using SSL on > top of this be overkill? md5 password hashing doesn't buy a whole lot. If packet sniffing is a significant threat for you, you probably want to consider forcing clients to use ssl. If you have cpu cycles to burn, you probably also want to use it.