database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-28 05:21:27 +03:00
Code

doc: Update mentions of MD5 in the documentation

Browse Source 
Reported-by: Shay Rojansky <roji@roji.org>
This commit is contained in:
Peter Eisentraut 2018-02-03 11:29:23 -05:00
parent 1be67528e1
commit 20446a4a04
1 changed files with 9 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
doc/src/sgml/runtime.sgml
View File

@ -2024,16 +2024,18 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term>Password Storage Encryption</term> <term>Password Encryption</term>
<listitem> <listitem>
<para> <para>
By default, database user passwords are stored as MD5 hashes, so Database user passwords are stored as hashes (determined by the setting
the administrator cannot determine the actual password assigned <xref linkend="guc-password-encryption">), so the administrator cannot
to the user. If MD5 encryption is used for client authentication, determine the actual password assigned to the user. If SCRAM or MD5
the unencrypted password is never even temporarily present on the encryption is used for client authentication, the unencrypted password is
server because the client MD5-encrypts it before being sent never even temporarily present on the server because the client encrypts
across the network. it before being sent across the network. SCRAM is preferred, because it
is an Internet standard and is more secure than the PostgreSQL-specific
MD5 authentication protocol.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2087,24 +2089,6 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>Encrypting Passwords Across A Network</term>
<listitem>
<para>
The <literal>MD5</> authentication method double-encrypts the
password on the client before sending it to the server. It first
MD5-encrypts it based on the user name, and then encrypts it
based on a random salt sent by the server when the database
connection was made. It is this double-encrypted value that is
sent over the network to the server. Double-encryption not only
prevents the password from being discovered, it also prevents
another connection from using the same encrypted password to
connect to the database server at a later time.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>Encrypting Data Across A Network</term> <term>Encrypting Data Across A Network</term>