Peter Bex <Peter.Bex@xxxxxxxxx> writes: > On Sun, Dec 16, 2012 at 05:38:37PM +0100, Murray Cumming wrote: >> I would not be storing the plaintext password anywhere. That makes it >> harder for someone get the plaintext password if they break into the >> server, and therefore harder for someone to use that password to break >> into another account if the user has used the same password. > If they do break in and are able to retrieve the password hash, they > can still break in with that hash. Right, they can break into *this account*. But Murray is worrying about the all-too-common case where a user has used the same or similar password for multiple sites. I think his goal of not having the original password stored anywhere is laudable. Perhaps I'm missing the context here, but it seems unlikely that the users have any direct access to the database. If they can only get to it through the website, then what about the idea of hashing the original text, and then using that hashed string as the database password? IOW I don't see why this must be implemented inside libpq rather than in the website logic. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general