| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PATCH: warn about, and deprecate, clear text passwords |
| Date: | 2025-03-19 14:06:58 |
| Message-ID: | CA+TgmobL3w8bytd+eOCcpn=NHqqS+vyddcsimv4Yq72sqwWyYw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Mar 19, 2025 at 9:24 AM Greg Sabino Mullane <htamfids(at)gmail(dot)com> wrote:
>> The user has no particular reason to care about the fact that the password they just typed ended up in the log. That is a concern for
>> the DBA, not the user, and even if they care about the DBA's feelings, they only get the warning after it's too late to do otherwise.
>
> Can't the same be said about other warnings, esp. md5?
Absolutely. Warnings are sometimes the right thing, but they often
suck. If something is really a bad idea, "ERROR: bad idea" is vastly
superior to "WARNING: what you just already did was a bad idea". If we
don't actually know for sure that it's a bad idea, then it's generally
better not to emit a warning at all, for fear of log-spamming people
who know what they're doing.
> Robert - would you be more inclined to accept this if we kept the three states, but made the default "allow"? That would still allow people to bump it stronger manually, but would have no effect on everyone else. That would give us time to tweak the wording and/or examine other approaches. Although any other approaches would still leave the need to do something with passwords via ALTER USER / CREATE USER in the interim.
I mean, I do think that is probably a better idea, but I personally
have zero intention of committing this patch regardless. I have seen a
lot of problems in this area working at EDB and my educated guess is
that this solves 0% of them. Now, if enough other people show up to
say "but this would solve 100% of my problems," well then fair enough.
But I think it's entirely reasonable for me to look at the combination
of "this is a class of problem that affects me" and "this proposed
solution would not help me" and be skeptical. I think you'd feel the
same if the situation were reversed. If I came along and proposed some
solution to a PG problem and you agreed that the problem was a problem
but my proposed solution seemed useless, I assume you'd also -1 that
patch.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-03-19 14:12:27 | Re: Vacuuming the free space map considered harmful? |
| Previous Message | Christophe Pettus | 2025-03-19 14:06:49 | Re: Vacuuming the free space map considered harmful? |