Re: PATCH: warn about, and deprecate, clear text passwords

From: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, tgl(at)sss(dot)pgh(dot)pa(dot)us, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-03 17:06:53
Message-ID: CAKAnmmJWEijijbZ1Zg+gpr88VZdZ=DNz76=zr3eJoL+J5502wg@mail.gmail.com
Lists: pgsql-hackers

On Mon, Mar 3, 2025 at 11:33 AM Nathan Bossart <nathandbossart(at)gmail(dot)com>
wrote:

> I think it would be good to hear some other opinions on whether we should
> consider sending clear-text passwords to the server as either 1) fully
> supported, 2) deprecated but with no intent to remove anytime soon, or 3)
> deprecated with the intent of removal at some point in the next several
> years. I personally am -1 on the warning unless we have a consensus on
> (3), but I'm +1 on adding a way to enforce "pre-encryption" regardless.
>

That's more than fair. And "deprecation" doesn't need to mean that's the
next step in the process. So warn -> deny by default (but allow if you work
at it) -> remove completely. Which is very similar to our md5 path, I
suppose. I'm certainly happy staying at that middle stage for an indefinite
amount of time for both of those, as it means that Postgres is both "secure
by default" and backwards compatible.

--
Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
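What "pre-encryption" means in practice is that the client hashes the password into a SCRAM-SHA-256 verifier itself and sends only that verifier in the ALTER ROLE statement, so the server never sees the clear text. The block below is an added example, not code from this thread, from libpq or from the PostgreSQL server: it builds the verifier in the form PostgreSQL stores (`SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`, per RFC 7677 with PostgreSQL's default 4096 iterations and 16-byte salt), checks a password against such a verifier, and shows the guard a client library could apply before emitting ALTER ROLE so that a clear-text secret is refused rather than sent. The normalization step is an assumption: full SASLprep is approximated by NFKC, which is the identity for ASCII passwords. The function names are the example's own.

```python
import base64
import hashlib
import hmac
import os
import re
import unicodedata
from typing import Optional

ITERATIONS = 4096   # PostgreSQL's default SCRAM iteration count
SALT_LEN = 16       # PostgreSQL's default salt length in bytes

# Shape of the two verifier formats PostgreSQL accepts as "already encrypted".
_SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$"
)
_MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")


def _normalize(password: str) -> bytes:
    # Assumption: NFKC stands in for SASLprep (RFC 4013). Both are the
    # identity on plain ASCII, which is the common case.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def _keys(password: str, salt: bytes, iterations: int):
    """SaltedPassword, ClientKey, StoredKey and ServerKey as in RFC 5802."""
    salted = hashlib.pbkdf2_hmac("sha256", _normalize(password), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return stored_key, server_key


def scram_sha256_verifier(password: str, salt: Optional[bytes] = None,
                          iterations: int = ITERATIONS) -> str:
    """Client-side 'pre-encryption': turn a password into a stored verifier."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    stored_key, server_key = _keys(password, salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def check_password(password: str, verifier: str) -> bool:
    """What the server does at login: recompute StoredKey and compare."""
    m = _SCRAM_RE.match(verifier)
    if not m:
        return False
    iterations = int(m.group(1))
    salt = base64.b64decode(m.group(2))
    expected_stored_key = base64.b64decode(m.group(3))
    stored_key, _ = _keys(password, salt, iterations)
    return hmac.compare_digest(stored_key, expected_stored_key)


def is_pre_encrypted(secret: str) -> bool:
    """True if the string is already a SCRAM or md5 verifier, not clear text."""
    return bool(_SCRAM_RE.match(secret) or _MD5_RE.match(secret))


def alter_role_sql(role: str, secret: str) -> str:
    """Build ALTER ROLE ... PASSWORD, refusing to put clear text on the wire.

    This is the 'deny by default' policy from the thread applied on the
    client side: callers must hand over a verifier, never a raw password.
    """
    if not is_pre_encrypted(secret):
        raise ValueError("refusing to send a clear-text password; "
                         "pass a SCRAM-SHA-256 verifier instead")
    quoted_role = '"' + role.replace('"', '""') + '"'
    # Verifiers are base64/hex plus '$' and ':', so no quoting issue inside ''.
    return f"ALTER ROLE {quoted_role} PASSWORD '{secret}'"


if __name__ == "__main__":
    # Constructed sample: a fixed salt so the output is reproducible.
    v = scram_sha256_verifier("correct horse battery staple", salt=b"\x00" * SALT_LEN)
    print(alter_role_sql("alice", v))
    print("login check:", check_password("correct horse battery staple", v))
```

A driver that applies `alter_role_sql` unconditionally gets the middle stage of the path discussed above (deny by default) without any server change; the warning stage corresponds to logging instead of raising when `is_pre_encrypted` is false.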
