Collin wrote:
But make it "hostssl" instead of "host", to require some
cryptography in the channel used, specially to authenticate the
connection.
Opening your access to everyone without crypto sounds like something
you don't want to do. Specially if users can change their own
passwords...
My understanding is no password is sent in the clear with md5 per:
http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSWORD
Paul
However, it depends on the sort of data you are accessing. Sending a
MD5 password is all well and good but if your data consists of credit
card info or trade secrets then you'll want that encrypted too.
Yes true, if your data is sensitive, go with SSL.
On the other hand, if you're sending credit card data around, you must
comply with the PCI audit regulation, in which case there is exactly
0.0% chance you're putting your database port on a public network.
Regards,
Paul
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
