Re: PATCH: warn about, and deprecate, clear text passwords

From: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-14 18:49:54
Message-ID: CAKAnmmLqM7ud31MWq2SZGn5WYodudJZSLp0kxwjnqqRewCVjGA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I'd rather not sit on this another year, if we can help it. We really
should be warning people about this practice. The exact wording of the hint
can be up for debate (or postponed - we technically don't have to say
anything other than 'bad idea').

Having the ability to disable clear text passwords seems an immediate win
for those that want to enable it. Sure, we could be doing more, but I don't
see any of the proposed future changes interfering with this patch.

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Florents Tselai 2025-03-14 18:57:40 Re: encode/decode support for base64url
Previous Message Hao Zhang 2025-03-14 18:25:55 how to see the generated nodetags.h