Re: PATCH: warn about, and deprecate, clear text passwords

From: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-19 13:24:19
Message-ID: CAKAnmm+O=qBBYaKwYCRm_yfMNbpfYz9xjbdQdQ9RLdgjgRX0CA@mail.gmail.com
Lists: pgsql-hackers

> The user has no particular reason to care about the fact that the password
> they just typed ended up in the log. That is a concern for
> the DBA, not the user, and even if they care about the DBA's feelings,
> they only get the warning after it's too late to do otherwise.

Can't the same be said about other warnings, esp. md5?

Attached is a rebase of the patch.

I'm a little confused at some of the pushback - this patch is 100%
backwards compatible, addresses a specific requested concern by allowing a
DBA to disallow clear text passwords, and adds a warning to what is clearly
a bad practice that we should be discouraging.

Robert - would you be more inclined to accept this if we kept the three
states, but made the default "allow"? That would still allow people to bump
it stronger manually, but would have no effect on everyone else. That would
give us time to tweak the wording and/or examine other approaches. Although
any other approaches would still leave the need to do something with
passwords via ALTER USER / CREATE USER in the interim.

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support

Attachment Content-Type Size
0002-Add-new-server-config-cleartext_passwords_action.patch application/octet-stream 17.6 KB
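The concern in the quoted text is that a password typed into CREATE USER / ALTER USER lands in the statement log in clear text. The following is an added example, not part of the patch or the thread: a small log scanner a DBA could run over existing Postgres logs to find such statements, classify the literal as cleartext, an md5 hash or a SCRAM-SHA-256 verifier, and redact it. The log lines are constructed; the log_line_prefix format is an assumption.

```python
import re

# Matches CREATE/ALTER ROLE|USER <name> ... PASSWORD '<literal>' in a logged statement.
# Group 1 is the role name, group 2 the quoted literal (handles '' escapes).
PASSWORD_RE = re.compile(
    r"\b(?:CREATE|ALTER)\s+(?:ROLE|USER)\s+(\S+).*?\bPASSWORD\s+'((?:[^']|'')*)'",
    re.IGNORECASE | re.DOTALL,
)


def classify_password(literal):
    """Return 'scram', 'md5' or 'cleartext' for a PASSWORD literal.

    A pre-hashed verifier (what psql's \\password sends) is safe to log;
    anything else is the user's actual secret.
    """
    if literal.startswith("SCRAM-SHA-256$"):
        return "scram"
    if re.fullmatch(r"md5[0-9a-f]{32}", literal):
        return "md5"
    return "cleartext"


def scan_log(lines):
    """Return (role, kind, redacted_line) for each statement that sets a password."""
    results = []
    for line in lines:
        m = PASSWORD_RE.search(line)
        if not m:
            continue
        role, literal = m.group(1), m.group(2)
        kind = classify_password(literal)
        # Never echo the literal back; replace it before reporting.
        redacted = line[: m.start(2)] + "<redacted>" + line[m.end(2) :]
        results.append((role, kind, redacted))
    return results


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    "2025-03-19 13:24:19 UTC [12345] LOG:  statement: CREATE USER alice PASSWORD 'hunter2';",
    "2025-03-19 13:24:20 UTC [12345] LOG:  statement: ALTER USER bob PASSWORD "
    "'SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy';",
    "2025-03-19 13:24:21 UTC [12345] LOG:  statement: ALTER ROLE carol WITH PASSWORD "
    "'md5a1b2c3d4e5f60718293a4b5c6d7e8f90';",
    "2025-03-19 13:24:22 UTC [12345] LOG:  statement: SELECT 1;",
]

if __name__ == "__main__":
    for role, kind, redacted in scan_log(SAMPLE_LOG):
        print(f"{role}: {kind} -> {redacted}")
```

Only the first line would be flagged as cleartext; the other two carry verifiers the server stores as-is, which is what a client-side hash (such as psql's \password) produces.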
