>> There is a challenge/response component, so the md5 hash which is stored
>> is not what is sent across the wire. That prevents replay attacks when
>> the attacker is simply sniffing the network.

> Worth noting here is that the challenge key space is not all that huge,
> so an attacker who captures a large number of challenge/response pairs
> would have a good probability of being able to answer the next challenge
> successfully. However, if you're concerned about sniffing of your
> database connections happening on that scale, you really ought to be using
> SSL encryption which would make the whole thing moot. In many cases,
> capturing a database session would reveal lots of interesting data passing
> over the wire whether or not you'd captured a usable password --- so I'd
> call it fairly irresponsible to not be using SSL if you think your
> connection is open to sniffing.

Thank you for your responses, this is exactly what I was looking for.

-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
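The exchange discussed in the thread above, as an added worked example that is not part of the original mailing-list messages and not PostgreSQL's own code. It models the md5 password method as documented in the PostgreSQL protocol (stored value is "md5" plus hex(md5(password || username)); the wire response is "md5" plus hex(md5(stored-hex || salt)) with a 4-byte server-chosen salt); those construction details come from the protocol docs, not from this thread. The user name, password and salts are constructed sample values. The example shows both points made above: a sniffed response is useless against a fresh salt, but the salt space is only 2^32, so a sniffer's odds of answering the next challenge grow linearly with the number of captured pairs. It also shows a consequence the thread does not spell out: the response can be derived from the stored value alone, so the stored hash is password-equivalent even though it never crosses the wire.

```python
"""Model of PostgreSQL md5 password authentication (added example, not PostgreSQL code).

Assumed scheme (from the PostgreSQL protocol documentation, not from the thread):
  stored   = "md5" + hex(md5(password || username))          # what pg_authid holds
  response = "md5" + hex(md5(hex(md5(password || username)) || salt))
  salt     = 4 bytes chosen by the server per authentication attempt
"""
import hashlib
import hmac
import os

SALT_LEN = 4                    # AuthenticationMD5Password carries a 4-byte salt
SALT_SPACE = 256 ** SALT_LEN    # 2**32 possible challenges


def pg_md5_stored(username: str, password: str) -> str:
    """Value the server stores: never sent over the wire as-is."""
    inner = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + inner


def pg_md5_response(username: str, password: str, salt: bytes) -> str:
    """What the client sends in reply to a challenge carrying `salt`."""
    assert len(salt) == SALT_LEN
    inner = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + hashlib.md5(inner.encode("ascii") + salt).hexdigest()


def pg_md5_response_from_stored(stored: str, salt: bytes) -> str:
    """The server verifies by recomputing from the stored value alone.
    The same computation lets anyone holding the stored hash answer any
    challenge without knowing the password (pass-the-hash)."""
    assert stored.startswith("md5") and len(salt) == SALT_LEN
    return "md5" + hashlib.md5(stored[3:].encode("ascii") + salt).hexdigest()


def new_salt() -> bytes:
    """Server side: fresh random challenge for each attempt."""
    return os.urandom(SALT_LEN)


def server_verify(stored: str, salt: bytes, response: str) -> bool:
    expected = pg_md5_response_from_stored(stored, salt)
    return hmac.compare_digest(expected, response)


class Sniffer:
    """Passive attacker who records (salt, response) pairs off the wire."""

    def __init__(self) -> None:
        self.pairs: dict[bytes, str] = {}

    def observe(self, salt: bytes, response: str) -> None:
        self.pairs[salt] = response

    def answer(self, salt: bytes):
        """Replay a recorded response; None if this salt was never seen."""
        return self.pairs.get(salt)

    def replay_probability(self) -> float:
        """Chance that a uniformly random next challenge is one already captured."""
        return len(self.pairs) / SALT_SPACE


if __name__ == "__main__":
    user, pw = "alice", "correct horse"          # constructed sample credentials
    stored = pg_md5_stored(user, pw)
    sniffer = Sniffer()

    # Two legitimate sessions; the sniffer records both exchanges.
    for salt in (b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"):
        resp = pg_md5_response(user, pw, salt)
        assert server_verify(stored, salt, resp)
        sniffer.observe(salt, resp)
    print("stored value never seen on the wire:", stored not in sniffer.pairs.values())

    # Fresh salt: replay has nothing to offer.
    fresh = b"\x00\x00\x00\x03"
    print("replay against fresh salt:", sniffer.answer(fresh))
    # Repeated salt: replay succeeds.
    print("replay against reused salt:",
          server_verify(stored, b"\x00\x00\x00\x01", sniffer.answer(b"\x00\x00\x00\x01")))
    print("odds next challenge is answerable:", sniffer.replay_probability())
    # Stored hash alone is enough to authenticate.
    print("pass-the-hash:", server_verify(stored, fresh, pg_md5_response_from_stored(stored, fresh)))
```

Two things worth noting from running it: the probability a sniffer can answer the next challenge is exactly captured-pairs divided by 2^32, which is the "not all that huge key space" point above, and `pg_md5_response_from_stored` makes explicit that a dump of the stored hashes is as good as the passwords for connecting, which is the reason to protect pg_authid as carefully as the wire.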