| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | PATCH: warn about, and deprecate, clear text passwords |
| Date: | 2025-03-17 03:36:36 |
| Message-ID: | CAKFQuwapQ4egH-o10t_okpJeL+ocST7OEPTfviAABKbUznSVbw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sunday, March 16, 2025, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
>
> WARNING: you just caused a problem for somebody else
>
> The user has no particular reason to care about the fact that the
> password they just typed ended up in the log.
>
It could also be:
warning: your password is known to Big Brother
hint: use psql \password to supply a private password, or see “docs/wiki
page” for more details and a way to pre-compute and send a private password
via SQL.
Sure, we can’t make them drink, but let’s at least show them where we put
the water trough. Some of them will care but be unaware.
We can make it an error later and do nothing, removing the choice but to
figure out the proper way of changing their password.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 2025-03-17 03:37:29 | Re: TOAST versus toast |
| Previous Message | Peter Smith | 2025-03-17 03:32:39 | Re: TOAST versus toast |