PATCH: warn about, and deprecate, clear text passwords

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-17 03:36:36
Message-ID: CAKFQuwapQ4egH-o10t_okpJeL+ocST7OEPTfviAABKbUznSVbw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sunday, March 16, 2025, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
>
> WARNING: you just caused a problem for somebody else
>
> The user has no particular reason to care about the fact that the
> password they just typed ended up in the log.
>

It could also be:

warning: your password is known to Big Brother
hint: use psql \password to supply a private password, or see “docs/wiki
page” for more details and a way to pre-compute and send a private password
via SQL.

Sure, we can’t make them drink, but let’s at least show them where we put
the water trough. Some of them will care but be unaware.

We can make it an error later and do nothing, removing the choice but to
figure out the proper way of changing their password.

David J.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jan Wieck 2025-03-17 03:37:29 Re: TOAST versus toast
Previous Message Peter Smith 2025-03-17 03:32:39 Re: TOAST versus toast