Re: change password_encryption default to scram-sha-256?

From: "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Andres Freund <andres(at)anarazel(dot)de>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: change password_encryption default to scram-sha-256?
Date: 2019-04-08 12:37:48
Message-ID: 641b1d77-0fb8-d0fb-b81c-adc2d05c77ed@postgresql.org
Lists: pgsql-hackers

On 4/8/19 8:19 AM, Peter Eisentraut wrote:
> On 2019-04-08 13:52, Andrew Dunstan wrote:
>> Yeah, if we're not going to do it now we should announce that we will
>> do it in the next release.
>
> Targeting PG13 seems reasonable.

Counter-argument: SCRAM has been available for 2 years since the 10 feature
freeze, so there has already been a lot of time given to implement support
for it. Given there are at least 5 months until PG12 comes out, and each of the
popular drivers already has patches in place, we could default it for 12
and let them know this is a reality.

Given it's superior to the existing methods, it'd be better to encourage
the drivers to get this in place sooner. Given what I know about md5,
I've tried to avoid building apps with drivers that don't support SCRAM.

That said, that would be an aggressive approach, so I would not object
to changing the default for PG13 and giving 17 months vs. 5, but we do
let md5 persist that much longer.

Jonathan
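As an added example (not part of the thread or of PostgreSQL's own documentation) of what the change under discussion looks like on a running server, and of how an administrator can find the roles that would still be stuck on md5 after the default flips: the statements below assume PostgreSQL 10 or later, a superuser session, and a placeholder role name `app_user`.

```sql
-- Added example: audit stored password formats and move the server
-- default from md5 to scram-sha-256. Requires a superuser session.

-- 1. Show the format used when a password is next set or changed.
SHOW password_encryption;

-- 2. Change the server-wide default so newly set passwords are stored
--    as SCRAM-SHA-256 verifiers instead of md5 hashes.
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
SELECT pg_reload_conf();

-- 3. Existing md5 hashes are not rewritten by the change above; each
--    one persists until the password is set again. pg_authid.rolpassword
--    starts with 'md5' for md5 hashes and 'SCRAM-SHA-256$' for SCRAM.
SELECT rolname,
       CASE
         WHEN rolpassword IS NULL                   THEN 'no password'
         WHEN rolpassword LIKE 'md5%'               THEN 'md5'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%'    THEN 'scram-sha-256'
         ELSE 'other'
       END AS password_format
FROM pg_authid
WHERE rolcanlogin
ORDER BY rolname;

-- 4. Re-setting a password under the new default stores it as SCRAM.
--    'app_user' and the password value are placeholders.
ALTER ROLE app_user PASSWORD 'change-me';
```

Two points worth keeping in mind when doing this: the query in step 3 is what tells you whether a driver that lacks SCRAM support will break for a given role, since only roles whose hash is rewritten as SCRAM are affected; and a `pg_hba.conf` entry using the `md5` method still lets SCRAM-stored passwords authenticate, whereas switching the entry to `scram-sha-256` rejects any role whose password is still an md5 hash, so rewrite the hashes first and tighten `pg_hba.conf` second.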
