| From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PATCH: warn about, and deprecate, clear text passwords |
| Date: | 2025-03-14 18:49:54 |
| Message-ID: | CAKAnmmLqM7ud31MWq2SZGn5WYodudJZSLp0kxwjnqqRewCVjGA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I'd rather not sit on this another year, if we can help it. We really
should be warning people about this practice. The exact wording of the hint
can be up for debate (or postponed - we technically don't have to say
anything other than 'bad idea').
Having the ability to disable clear text passwords seems an immediate win
for those that want to enable it. Sure, we could be doing more, but I don't
see any of the proposed future changes interfering with this patch.
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Florents Tselai | 2025-03-14 18:57:40 | Re: encode/decode support for base64url |
| Previous Message | Hao Zhang | 2025-03-14 18:25:55 | how to see the generated nodetags.h |