From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Noah Misch <noah(at)leadboat(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andreas Karlsson <andreas(at)proxel(dot)se>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SCRAM in the PG 10 release notes |
Date: | 2017-09-20 00:44:51 |
Message-ID: | CAMkU=1yc9_3Fh9MmWUfyg3V7sRHoWBcPNwbi=wCdUkZ7u_hEnA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Sep 19, 2017 at 4:29 PM, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
wrote:
> On Wed, Sep 20, 2017 at 6:55 AM, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
> > On Tue, Sep 19, 2017 at 1:32 PM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
> wrote:
> >> I'm not sure what exactly to do here. Where should we stick that notice?
> >> We could put it in the release notes, where the bullet point about
> SCRAM is,
> >> but it would be well hidden. If we want to give advice to people who
> might
> >> not otherwise pay attention, it should go to a more prominent place. In
> the
> >> "Migration to version 10" section perhaps. Currently, it only lists
> >> incompatibilities, which this isn't. Perhaps put the notice after the
> list
> >> of incompatibilities (patch attached)?
> >
> > I guess I'm late to the party, but I don't see why this is needed at all.
> > We encourage people to use any and all new features which are
> appropriate to
> > them--that is why we implement new features. Why does this feature need
> a
> > special invitation?
>
> There have been continuous complains on those lists for the last 5
> years or so that MD5 is "weak" and should be avoided. Well, Postgres
> is not wrong in the way it uses MD5 in itself, backups including raw
> MD5 hashes being more of a problem. But I would think that it is fair
> to tell in a louder to such folks that Postgres has actually done
> something on the matter.
>
People who are stressed out about it but use PostgreSQL anyway will see it
in the release notes and recognize the importance (to them) without being
told. People who don't use PostgreSQL at all due to the issue aren't going
to be reading the release notes anyway. The place to be louder about "this
is now available" is in the announcement and press release, and in the
(currently unwritten) "E.1.1. Overview", not down in the guts.
Meanwhile the people who don't know enough about it to understand why our
use of md5 "is not wrong", will just see "encourage" and "better security"
and then go lock their users and themselves out of their database and have
a generally miserable experience.
I think the proposed invitation is too strong and warning is too weak.
Especially as there seems to be no way to audit server-side what
drivers/versions people are connecting with. You either have to track down
every client and identify the correct binaries and run ldd against them (or
whatever you would have to do on Windows), or just go ahead and break it
and see who calls.
The people who need this don't need to be encouraged to use it, they just
need to know it exists. The people who need to be encouraged are going to
shoot themselves in the foot.
Cheers,
Jeff
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2017-09-20 00:45:25 | Re: SCRAM in the PG 10 release notes |
Previous Message | Peter Geoghegan | 2017-09-19 23:55:38 | Re: GUC for cleanup indexes threshold. |