Re: PATCH: warn about, and deprecate, clear text passwords

From: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, tgl(at)sss(dot)pgh(dot)pa(dot)us, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-02-25 16:13:51
Message-ID: CAKAnmmKbT=eEoHxm6Ki6UyV0c=KZoy_hECbdcvDWTOWZakhcgw@mail.gmail.com
Lists: pgsql-hackers

On Tue, Feb 25, 2025 at 10:34 AM Nathan Bossart <nathandbossart(at)gmail(dot)com>
wrote:

> I noticed a nearby thread [0] in which there appears to be some budding
> support for a GUC that disables sending passwords to the server in
> clear-text, at least for CREATE/ALTER ROLE.

Yep, that was the thread that inspired this patch!

> Perhaps we just add that for now. (I'm probably well over my quota for new
> GUCs in v18...)

Heh.

> IMHO a WARNING would really only be appropriate if we are definitely going
> to remove support in the future, and that feels like a bit of a stretch to
> me due to the level of breakage it could cause. That being said, folks did
> seem on board enough with deprecating MD5 passwords for me to feel
> comfortable committing it, although that might not quite be an
> apples-to-apples comparison. In any case, we've long encouraged folks to
> avoid sending passwords to the server in clear-text, so I think it's
> reasonable to provide some way to enforce that server-side.
>

Yes, I went back and forth on the wording for the warning, but ended up
with a slightly weasely "may be removed" rather than "will be removed". Of
course, no date is explicitly promised, so "will be removed" could be
accurate. It might just be 75 years from now, when our neural implants make
plain text passwords a quaint relic.

This has a commitfest entry now fwiw:
https://commitfest.postgresql.org/patch/5597/

Thank you for your input on this.

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
