On Wed, Nov 30, 2005 at 08:24:34AM -0500, Colton A Smith wrote:
> I specify md5 encryption in my pg_hba.conf file. Would using SSL on
> top of this be overkill?
Specifying md5 in pg_hba.conf affects only password authentication;
everything else will be sent in cleartext.
What's your threat model? What do you want to secure? Just
authentication, or data transfer as well?
--
Michael Fuhr
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to
majordomo@postgresql.org so that your
message can get through to the mailing list cleanly