"Peter J. Holzer" <hjp-pgsql@xxxxxx> writes: > The web framework Django will automatically and transparently rehash any > password with the currently preferred algorithm if it isn't stored that > way already. Really? That implies that the framework has access to the original cleartext password, which is a security fail already. > Can PostgreSQL do that, too? (I haven't found anything) No. The server has only the hashed password, it can't reconstruct the original. > If the password for the user is stored as an MD5 hash, the server > replies to the startup message with an AuthenticationCleartextPassword > respnse to force the client to send the password in the clear > (obviously you only want to do that if the connection is TLS-encrypted > or otherwise safe from eavesdropping). I think this idea is a nonstarter, TLS or not. We're generally moving in the direction of never letting the server see cleartext passwords. It's already possible to configure libpq to refuse such requests (see require_auth parameter), although that hasn't been made the default. regards, tom lane
