| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Subject: | Re: Defaulting to password_encryption = scram-sha-256 |
| Date: | 2018-10-07 08:03:42 |
| Message-ID: | 20181007080342.GC2710@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Oct 06, 2018 at 11:43:06PM -0700, Andres Freund wrote:
> Now that we probably have shaken the worst issues out of scram,
> shouldn't we change the default password_encryption to something that
> doesn't scare people? The only reason I could think of not wanting to
> do that for is that we don't necessarily guarantee that we have a strong
> random generator, but if that's the issue, we should change initdb to
> default it to something safe if the platform provides something. Which
> is just about any sane one, no?
In short, +1.
The random function issue would apply to any platform in need of
--disable-strong-random, but this applies mainly to some old HP-UX stuff
if my memory serves me well, so I'd like to think that we should be safe
to just switch the default and not complicate initdb.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2018-10-07 08:14:30 | Re: Unclear error message |
| Previous Message | Michael Paquier | 2018-10-07 07:59:56 | Re: pg_upgrade failed with ERROR: null relpartbound for relation 18159 error. |