ssl and/or md5 encryption
This is a discussion on ssl and/or md5 encryption within the pgsql Admins forums, part of the PostgreSQL category; --> Hi: I specify md5 encryption in my pg_hba.conf file. Would using SSL on top of this be overkill? Thanks ...
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008, 05:32 AM
| ||||
| ||||
 ssl and/or md5 encryption Hi: I specify md5 encryption in my pg_hba.conf file. Would using SSL on top of this be overkill? Thanks ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings      |
|
04-10-2008, 05:33 AM
| |||
| |||
| Re: ssl and/or md5 encryption On Wed, Nov 30, 2005 at 08:24:34AM -0500, Colton A Smith wrote: > I specify md5 encryption in my pg_hba.conf file. Would using SSL on > top of this be overkill? Specifying md5 in pg_hba.conf affects only password authentication; everything else will be sent in cleartext. What's your threat model? What do you want to secure? Just authentication, or data transfer as well? -- Michael Fuhr ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly |
|
04-10-2008, 05:33 AM
| ||||
| ||||
| Re: ssl and/or md5 encryption On Wed, Nov 30, 2005 at 08:24:34 -0500, Colton A Smith <smith@cs.utk.edu> wrote: > > I specify md5 encryption in my pg_hba.conf file. Would using SSL on > top of this be overkill? md5 password hashing doesn't buy a whole lot. If packet sniffing is a significant threat for you, you probably want to consider forcing clients to use ssl. If you have cpu cycles to burn, you probably also want to use it. ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings |
Linear Mode
