How does the md5 hashed authentication method work? Is it protected against replay attacks? Here is what I have in mind:

* If the server stores salted hashed passwords, then I do not see how the server could authenticate the users without getting the password in clear text?
* If the server stores (unsalted) password hash values, then basically there is almost no difference between a clear text password and an md5 hash, because anyone can replay the same hash value and log in again.

Am I missing something?

Thanks,

Laszlo
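
Added example, not part of the original post and not PostgreSQL's own code: a sketch of the salted challenge-response that PostgreSQL's md5 method uses, showing both sides of the exchange and what happens when a recorded response is sent again. The function names, user name and password are constructed for illustration.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    """Value the server keeps: 'md5' + md5(password || username)."""
    return "md5" + md5_hex(password.encode() + user.encode())


def client_response(user: str, password: str, salt: bytes) -> str:
    """Client reply: 'md5' + md5(hex(md5(password || username)) || salt)."""
    inner = md5_hex(password.encode() + user.encode())
    return "md5" + md5_hex(inner.encode() + salt)


def server_check(stored: str, salt: bytes, response: str) -> bool:
    """Server recomputes the expected reply from the stored hash alone,
    so it never needs the clear-text password. The stored hash is
    therefore password-equivalent and must be protected like one."""
    expected = "md5" + md5_hex(stored[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


def new_salt() -> bytes:
    # The server sends a fresh random 4-byte salt with every
    # authentication request. Four bytes is a small space, one reason
    # scram-sha-256 is preferred over md5.
    return os.urandom(4)


def demo():
    user, password = "laszlo_demo", "constructed-password"  # sample values
    stored = stored_verifier(user, password)

    salt1 = new_salt()
    resp1 = client_response(user, password, salt1)
    first_login = server_check(stored, salt1, resp1)

    salt2 = new_salt()
    while salt2 == salt1:  # make sure the second session salt differs
        salt2 = new_salt()
    replayed = server_check(stored, salt2, resp1)  # old reply, new salt
    return first_login, replayed
```

`demo()` returns `(True, False)`: the first reply verifies, and the same reply sent again in a session with a different salt is rejected.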