Re: PG 14 release notes, first draft

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
Cc: Ian Lawrence Barwick <barwick(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PG 14 release notes, first draft
Date: 2021-05-17 02:51:02
Message-ID: 20210517025102.GA24531@momjian.us
Lists: pgsql-hackers

On Sat, May 15, 2021 at 07:05:35PM -0400, Álvaro Herrera wrote:
> On 2021-May-12, Bruce Momjian wrote:
>
> > OK, updated text:
> >
> > <listitem>
> > <!--
> > Author: Peter Eisentraut <peter(at)eisentraut(dot)org>
> > 2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
> > -->
> >
> > <para>
> > Change the default of the password_encryption server parameter
> > to scram-sha-256 (Peter Eisentraut)
> > </para>
> >
> > <para>
> > Previously it was md5. All new passwords will be stored as SHA256
> > unless this server variable is changed or the password is already
> > md5-hashed. Also, the legacy (and undocumented) boolean-like
> > values which were previously synonyms of <literal>md5</literal>
> > are no longer accepted.
> > </para>
> > </listitem>
>
> Thanks, looks ok as far as what the original point was about.
>
> I have to say that this sentence is a bit odd: "All new passwords will
> be stored as sha256 unless ... the password is already md5-hashed".
> Does this mean that if you change a password for a user whose password
> was md5, the new one is stored as md5 too even if the setting is
> scram-sha-256? Or if "the password" means an old password, then why is
> it a new password?

OK, what I was trying to say was that if you dump/restore, and the old
password was md5, the newly-restored password will be md5, but it was
very unclear. I changed it to this:

<listitem>
<!--
Author: Peter Eisentraut <peter(at)eisentraut(dot)org>
2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
Author: Peter Eisentraut <peter(at)eisentraut(dot)org>
2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
-->

<para>
Change the default of the password_encryption server parameter to
scram-sha-256 (Peter Eisentraut)
</para>

<para>
Previously it was md5. All new passwords will be stored as SHA256
unless this server variable is changed or the password is specified
in md5 format. Also, the legacy (and undocumented) boolean-like
values which were previously synonyms for <literal>md5</literal>
are no longer accepted.
</para>
</listitem>

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

If only the physical world exists, free will is an illusion.
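
Added example, not part of the original message and not PostgreSQL's own code: a Python model of the rule discussed above, where a password supplied already hashed (as a dump/restore does) keeps its format and only plaintext is hashed with the current password_encryption setting. The function names and sample roles are assumptions made for illustration; the string formats follow the server's documented md5 and SCRAM-SHA-256 secret layouts.

```python
import hashlib
import re

# 'md5' + 32 lowercase hex digits; SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey>
MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(
    r"SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+"
)


def md5_verifier(password: str, role: str) -> str:
    """Legacy format: 'md5' followed by hex md5(password || role name)."""
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()


def classify(secret: str) -> str:
    """Classify a PASSWORD clause value or a pg_authid.rolpassword entry."""
    if MD5_RE.fullmatch(secret):
        return "md5"
    if SCRAM_RE.fullmatch(secret):
        return "scram-sha-256"
    return "plaintext"


def stored_as(secret: str, password_encryption: str = "scram-sha-256") -> str:
    """Format that ends up stored: pre-hashed input is kept as supplied,
    plaintext is hashed with the current password_encryption method."""
    kind = classify(secret)
    return password_encryption if kind == "plaintext" else kind


def roles_still_md5(rows):
    """Post-upgrade audit: roles whose stored secret is still md5."""
    return sorted(role for role, secret in rows if classify(secret) == "md5")


# Constructed sample rows (role name, stored secret); the SCRAM value is a
# format-only placeholder, not a real verifier.
SAMPLE_ROLES = [
    ("alice", md5_verifier("constructed-pw", "alice")),  # restored from an old dump
    ("bob", "SCRAM-SHA-256$4096:c2FsdHNhbHQ=$c3RvcmVka2V5:c2VydmVya2V5"),
]

if __name__ == "__main__":
    print(stored_as("constructed-pw"))                  # plaintext, new default
    print(stored_as(md5_verifier("constructed-pw", "alice")))
    print(roles_still_md5(SAMPLE_ROLES))
```

Roles reported by `roles_still_md5` move to SCRAM only when their password is set again from plaintext under the new default.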
