From: Bruce Momjian Date: Mon, 24 Oct 2005 15:49:54 +0000 (+0000) Subject: More forcefully recommend MD5 over crypt authentication. X-Git-Tag: REL8_1_0RC1~36 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=42b689aed4f33bf0bdfdbdfecb724477c98913d5;p=postgresql More forcefully recommend MD5 over crypt authentication. --- diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index a82b79bd7d..e4dff02fa8 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,5 +1,5 @@ @@ -319,11 +319,16 @@ hostnossl database user crypt + + + This option is recommended only for communicating with pre-7.2 + clients. + + Require the client to supply a crypt()-encrypted password for authentication. - md5 is preferred for 7.2 and later clients, - but pre-7.2 clients only support crypt. + md5 is now recommended over crypt. See for details. @@ -589,8 +594,8 @@ local db1,db2,@demodbs all md5 If you are at all concerned about password sniffing attacks then md5 is preferred, with - crypt a second choice if you must support pre-7.2 - clients. Plain password should especially be avoided for + crypt to be used only if you must support pre-7.2 + clients. Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).
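Review bot: In the hunk at @@ -319,11 +319,16 @@ (the crypt entry), the replacement sentence "md5 is now recommended over crypt." drops the reason the removed lines gave, that "pre-7.2 clients only support crypt", and the added note says when to use crypt without saying why. Suggest carrying that reason into the note so the entry still explains the exception. The word "now" is also relative to this release and will read oddly in later versions of the documentation; "md5 is recommended over crypt" says the same thing without dating itself. Finally, the note and the rewritten sentence state the same recommendation twice within a few lines of each other; one of them could carry the whole point.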
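Review bot: In the hunk at @@ -589,8 +594,8 @@, the unchanged context line still says "md5 is preferred", while the crypt entry changed earlier in this patch now says "recommended"; given the commit's stated aim of recommending MD5 more forcefully, the summary paragraph should use the same word. The reordered phrase "should be avoided especially for connections over the open Internet" is also harder to parse than the original, and can be read as limiting the advice to Internet connections. Something like "Plain password should be avoided, especially for connections over the open Internet" keeps the general advice and the emphasis separate.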