Re: PATCH: warn about, and deprecate, clear text passwords

On Mon, 3 Mar 2025 at 12:07, Greg Sabino Mullane <htamfids(at)gmail(dot)com> wrote:

> On Mon, Mar 3, 2025 at 11:33 AM Nathan Bossart <nathandbossart(at)gmail(dot)com>
> wrote:
>
>> I think it would be good to hear some other opinions on whether we should
>> consider sending clear-text passwords to the server as either 1) fully
>> supported, 2) deprecated but with no intent to remove anytime soon, or 3)
>> deprecated with the intent of removal at some point in the next several
>> years. I personally am -1 on the warning unless we have a consensus on
>> (3), but I'm +1 on adding a way to enforce "pre-encryption" regardless.
>>
>
> That's more than fair. And "deprecation" doesn't need to mean that's the
> next step in the process. So warn -> deny by default (but allow if you work
> at it) -> remove completely. Which is very similar to our md5 path, I
> suppose. I'm certainly happy staying at that middle stage for an indefinite
> amount of time for both of those, as it means that Postgres is both "secure
> by default" but backwards compatible.
>

It's too bad we didn't have this discussion a few years ago. We could have
decided that SCRAM authentication doesn't allow sending cleartext passwords
and then relied on the phase-out of MD5 passwords to phase out sending of
cleartext passwords.