Commit ad14919a authored Feb 03, 2018 by Peter Eisentraut
doc: Update mentions of MD5 in the documentation

Reported-by: Shay Rojansky <roji@roji.org>
parent cf1cba31
Showing 1 changed file with 9 additions and 25 deletions
doc/src/sgml/runtime.sgml
...
...
@@ -2023,16 +2023,18 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
<variablelist>
<varlistentry>
<term>Password
Storage
Encryption</term>
<term>Password Encryption</term>
<listitem>
<para>
By default, database user passwords are stored as MD5 hashes, so
the administrator cannot determine the actual password assigned
to the user. If MD5 encryption is used for client authentication,
the unencrypted password is never even temporarily present on the
server because the client MD5-encrypts it before being sent
across the network.
Database user passwords are stored as hashes (determined by the setting
<xref linkend="guc-password-encryption"/>), so the administrator cannot
determine the actual password assigned to the user. If SCRAM or MD5
encryption is used for client authentication, the unencrypted password is
never even temporarily present on the server because the client encrypts
it before being sent across the network. SCRAM is preferred, because it
is an Internet standard and is more secure than the PostgreSQL-specific
MD5 authentication protocol.
</para>
</listitem>
</varlistentry>
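Review bot: The rewritten paragraph says passwords are "stored as hashes" but then continues with "SCRAM or MD5 encryption" and "the client encrypts it", and the entry is still titled "Password Encryption". Neither method encrypts the password, so the wording should be consistent: "hashes" for storage and "SCRAM or MD5 authentication" for the client exchange. The closing sentence says SCRAM is "more secure" without giving a reason; one concrete property, or a cross-reference to the section that describes the two methods, would let an administrator judge whether migrating existing MD5 hashes is worth the effort.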
...
...
@@ -2086,24 +2088,6 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
</listitem>
</varlistentry>
<varlistentry>
<term>Encrypting Passwords Across A Network</term>
<listitem>
<para>
The <literal>MD5</literal> authentication method double-encrypts the
password on the client before sending it to the server. It first
MD5-encrypts it based on the user name, and then encrypts it
based on a random salt sent by the server when the database
connection was made. It is this double-encrypted value that is
sent over the network to the server. Double-encryption not only
prevents the password from being discovered, it also prevents
another connection from using the same encrypted password to
connect to the database server at a later time.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Encrypting Data Across A Network</term>
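Review bot: Removing the "Encrypting Passwords Across A Network" entry drops the only statement in this list that the value sent over the network cannot be reused by another connection later, and nothing equivalent is added for SCRAM. The replacement paragraph in the first hunk says only that the client "encrypts it before being sent across the network". Suggest either keeping a short entry that states the replay protection for both methods, or adding a cross-reference from the "Password Encryption" entry to the password authentication documentation so the property is still reachable from this list.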
...
...