|PostgreSQL Reference Manual - Volume 3 - Server Administration Guide|
by The PostgreSQL Global Development Group
Paperback (6"x9"), 204 pages
RRP £13.95 ($24.95)
Sales of this book support the PostgreSQL project! Get a printed copy>>>
7.2.2 Password authentication
The password-based authentication methods are
password. These methods operate
similarly except for the way that the password is sent across the
connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
A limitation is that the
crypt method does not work with
passwords that have been encrypted in
If you are at all concerned about password
“sniffing” attacks then
md5 is preferred, with
crypt to be used only if you must support pre-7.2
password should be avoided especially for
connections over the open Internet (unless you use SSL,
SSH, or another
communications security wrapper around the connection).
PostgreSQL database passwords are
separate from operating system user passwords. The password for
each database user is stored in the
catalog. Passwords can be managed with the SQL commands
CREATE USER and
CREATE USER foo WITH PASSWORD 'secret';.
By default, that is, if no password has been set up, the stored password
is null and password authentication will always fail for that user.
|ISBN 0954612043||PostgreSQL Reference Manual - Volume 3 - Server Administration Guide||See the print edition|