From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers(at)postgresql(dot)org, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Subject: | Re: Defaulting to password_encryption = scram-sha-256 |
Date: | 2018-10-07 15:37:20 |
Message-ID: | 18454.1538926640@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Michael Paquier <michael(at)paquier(dot)xyz> writes:
> On Sat, Oct 06, 2018 at 11:43:06PM -0700, Andres Freund wrote:
>> Now that we probably have shaken the worst issues out of scram,
>> shouldn't we change the default password_encryption to something that
>> doesn't scare people? The only reason I could think of not wanting to
>> do that for is that we don't necessarily guarantee that we have a strong
>> random generator, but if that's the issue, we should change initdb to
>> default it to something safe if the platform provides something. Which
>> is just about any sane one, no?
> In short, +1.
> The random function issue would apply to any platform in need of
> --disable-strong-random, but this applies mainly to some old HP-UX stuff
> if my memory serves me well, so I'd like to think that we should be safe
> to just switch the default and not complicate initdb.
Yeah, I don't see why that should affect anything. SCRAM with a poor
random function is probably still better than MD5.
As I recall, the reason for not defaulting to SCRAM right away had
nothing to do with that; it was worry about how many clients would
get locked out for lack of SCRAM support. But the list at
https://wiki.postgresql.org/wiki/List_of_drivers
looks pretty positive, and another year would probably be enough
to give the stragglers time to catch up ... especially if they know
this is coming.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-10-07 15:41:20 | Re: WIP: Avoid creation of the free space map for small tables |
Previous Message | John Naylor | 2018-10-07 15:17:24 | Re: WIP: Avoid creation of the free space map for small tables |