Re: Add a warning message when using unencrypted passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Guillaume Lelarge <guillaume(dot)lelarge(at)dalibo(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Add a warning message when using unencrypted passwords
Date: 2025-02-04 16:59:43
Message-ID: 649465.1738688383@sss.pgh.pa.us
Lists: pgsql-hackers

Guillaume Lelarge <guillaume(dot)lelarge(at)dalibo(dot)com> writes:
> v2 is attached.

This seems pretty much entirely useless to me. The password
has already been leaked to the log (*and* the network, if
session is unencrypted), so what's the point of a warning?
And as already noted, this ignores several other hazards of
the same sort, so it's more likely to create a false sense of
security than anything else.

(In addition to the points noted, what of event triggers?
Or ~/.psql_history?)

regards, tom lane
