On Sun, 2012-12-16 at 17:24 +0100, Peter Bex wrote: > On Sun, Dec 16, 2012 at 04:54:30PM +0100, Murray Cumming wrote: > > libpq lets me open a connection by specifying a password: > > http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS > > > > Is there any way to specify a hash of the password when connecting, instead of > > providing the password itself? > > What's the use of that? [snip] I would not be storing the plaintext password anywhere. That makes it harder for someone get the plaintext password if they break into the server, and therefore harder for someone to use that password to break into another account if the user has used the same password. There have been plenty of high profile cases recently of password databases being stolen, with those passwords being in plaintext, or hashed without a salt, making user accounts on other systems vulnerable. I'd like to avoid making the same embarrassing mistake. murrayc@xxxxxxxxxxx www.murrayc.com www.openismus.com -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
