From 42b689aed4f33bf0bdfdbdfecb724477c98913d5 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Mon, 24 Oct 2005 15:49:54 +0000 Subject: [PATCH] More forcefully recommend MD5 over crypt authentication. --- doc/src/sgml/client-auth.sgml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index a82b79bd7d..e4dff02fa8 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,5 +1,5 @@ @@ -319,11 +319,16 @@ hostnossl database user crypt + + + This option is recommended only for communicating with pre-7.2 + clients. + + Require the client to supply a crypt()-encrypted password for authentication. - md5 is preferred for 7.2 and later clients, - but pre-7.2 clients only support crypt. + md5 is now recommended over crypt. See for details. @@ -589,8 +594,8 @@ local db1,db2,@demodbs all md5 If you are at all concerned about password sniffing attacks then md5 is preferred, with - crypt a second choice if you must support pre-7.2 - clients. Plain password should especially be avoided for + crypt to be used only if you must support pre-7.2 + clients. Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection). -- 2.40.0
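Review bot: In the @@ -319,11 +319,16 @@ hunk, the replacement sentence "md5 is now recommended over crypt" repeats what the newly added note already says and gives the reader no reason for the preference. "Now" also ties the text to the release it was written for. Suggest dropping "now" and stating the reason in this entry, for example by pointing at the password-sniffing concern that the later section of this file already mentions. The note's wording "recommended only for communicating with pre-7.2 clients" still reads as a recommendation; "should be used only for" would match the commit's intent more closely.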
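Review bot: In the @@ -589,8 +594,8 @@ hunk, moving "especially" in "Plain password should be avoided especially for connections over the open Internet" leaves the sentence ambiguous without a comma: it can be read as avoiding plain passwords only on the open Internet. Suggest "should be avoided, especially for connections over the open Internet". The clause "with crypt to be used only if you must support pre-7.2 clients" is also awkward after "md5 is preferred"; a separate sentence such as "Use crypt only if you must support pre-7.2 clients." reads more clearly and matches the stronger wording the subject line asks for.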