Re: PATCH: warn about, and deprecate, clear text passwords

On Mon, Feb 24, 2025 at 04:20:44PM -0500, Greg Sabino Mullane wrote:
> On Mon, Feb 24, 2025 at 4:18 PM Nathan Bossart <nathandbossart(at)gmail(dot)com>
> wrote:
>> Well, the discussion upthread suggests "disallowing plain text passwords
>> completely"
>
> Yeah, that's more of a long-term dream than a real plan. It would certainly
> be no sooner than Postgres v24 or so...

I noticed a nearby thread [0] in which there appears to be some budding
support for a GUC that disables sending passwords to the server in
clear-text, at least for CREATE/ALTER ROLE. Perhaps we just add that for
now. (I'm probably well over my quota for new GUCs in v18...)

IMHO a WARNING would really only be appropriate if we are definitely going
to remove support in the future, and that feels like a bit of a stretch to
me due to the level of breakage it could cause. That being said, folks did
seem on board enough with deprecating MD5 passwords for me to feel
comfortable committing it, although that might not quite be an
apples-to-apples comparison. In any case, we've long encouraged folks to
avoid sending passwords to the server in clear-text, so I think it's
reasonable to provide some way to enforce that server-side.

[0] https://postgr.es/m/3136308.1740155121%40sss.pgh.pa.us

--
nathan