Re: sunsetting md5 password support

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jim Nasby <jnasby(at)upgrade(dot)com>
Cc: Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sunsetting md5 password support
Date: 2024-10-28 21:24:02
Message-ID: 38126.1730150642@sss.pgh.pa.us
Lists: pgsql-hackers

Jim Nasby <jnasby(at)upgrade(dot)com> writes:
> Patch itself looks good, but it does leave me wondering if cleartext should also be deprecated?

Not much point unless we also deprecate all of the other auth methods
that require cleartext password transmission, which from a quick
scan include PAM, BSD, LDAP, and RADIUS. Seems unlikely to fly.

In any case, I don't think this is about password security per se.
It's more about deprecating a method that might look like it's
secure but isn't. In the case of the cleartext-password methods,
it's obvious that you'd better use SSL or GSS encryption if you
want your password hidden from network tapping.

I don't recall how in-your-face we are about that point, but
certainly the docs need to be up front about it, and probably
make the point explicitly with respect to the four methods
listed above.

regards, tom lane
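The point above about the cleartext-password methods needing SSL or GSS encryption, shown as a pg_hba.conf fragment. This is an added illustration, not part of the original message or of the PostgreSQL documentation; the address range, the LDAP and RADIUS server names, the pamservice name and the RADIUS secret are made-up placeholders.

```conf
# pg_hba.conf -- added illustration, not from the thread.
# All addresses, server names and secrets below are made-up placeholders.
#
# TYPE         DATABASE  USER  ADDRESS      METHOD  OPTIONS

# WEAK: a "host" record matches both SSL and non-SSL TCP connections.
# With the client default sslmode=prefer, a client silently falls back to
# plaintext if the TLS handshake fails, and every method below then puts
# the user's password on the wire in the clear.
host         all       all   10.0.0.0/8   password
host         all       all   10.0.0.0/8   pam     pamservice=postgresql
host         all       all   10.0.0.0/8   bsd
host         all       all   10.0.0.0/8   ldap    ldapserver=ldap.example.com ldapprefix="uid=" ldapsuffix=",dc=example,dc=com"
host         all       all   10.0.0.0/8   radius  radiusservers=radius.example.com radiussecrets=changeme

# CORRECTED: accept these methods only on a transport that encrypts the
# password, i.e. hostssl (TLS) or hostgssenc (GSSAPI encryption), and turn
# the unencrypted fallback into an explicit reject so the policy is written
# down here instead of depending on each client's sslmode.
# Records are matched first-to-last, so the reject lines go after the
# encrypted ones; a GSS-encrypted connection matches hostgssenc before it
# ever reaches hostnossl.
hostssl      all       all   10.0.0.0/8   pam     pamservice=postgresql
hostgssenc   all       all   10.0.0.0/8   pam     pamservice=postgresql
hostssl      all       all   10.0.0.0/8   bsd
hostgssenc   all       all   10.0.0.0/8   bsd
# ldapscheme=ldaps (or ldaptls=1 for StartTLS) encrypts the second hop:
# with simple bind the server forwards the cleartext password to the
# LDAP server, so protecting only the client-to-PostgreSQL leg is not enough.
hostssl      all       all   10.0.0.0/8   ldap    ldapserver=ldap.example.com ldapscheme=ldaps ldapprefix="uid=" ldapsuffix=",dc=example,dc=com"
hostgssenc   all       all   10.0.0.0/8   ldap    ldapserver=ldap.example.com ldapscheme=ldaps ldapprefix="uid=" ldapsuffix=",dc=example,dc=com"
hostssl      all       all   10.0.0.0/8   radius  radiusservers=radius.example.com radiussecrets=changeme
hostgssenc   all       all   10.0.0.0/8   radius  radiusservers=radius.example.com radiussecrets=changeme
hostnossl    all       all   10.0.0.0/8   reject
```

hostssl records only match when the server is started with ssl = on (and a certificate/key configured) in postgresql.conf; hostgssenc records require the server to be built with GSSAPI support. The reject lines close the server side of the gap, but the password is still only protected against an active attacker if clients verify the server certificate (sslmode=verify-full) rather than merely encrypting to whoever answers.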
