password_encryption, default and 'plain' support

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: password_encryption, default and 'plain' support
Date: 2017-05-03 11:31:10
Message-ID: 16e9b768-fd78-0b12-cfc1-7b6b7f238fde@iki.fi
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

In various threads on SCRAM, we've skirted around the question of
whether we should still allow storing passwords in plaintext. I've
avoided discussing that in those other threads, because it's been an
orthogonal question, but it's a good question and we should discuss it.

So, I propose that we remove support for password_encryption='plain' in
PostgreSQL 10. If you try to do that, you'll get an error.

Another question that's been touched upon but not explicitly discussed,
is whether we should change the default to "scram-sha-256". I propose
that we do that as well. If you need to stick to md5, e.g. because you
use drivers that don't support SCRAM yet, you can change it in
postgresql.conf, but the majority of installations that use modern
clients will be more secure by default.

- Heikki

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2017-05-03 11:38:58 Re: password_encryption, default and 'plain' support
Previous Message Erik Rijkers 2017-05-03 11:23:19 Re: Logical replication - TRAP: FailedAssertion in pgstat.c