Re: PATCH: warn about, and deprecate, clear text passwords

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-14 15:21:30
Message-ID: Z9RJethZdgCq1Tgq@nathan
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Mon, Mar 03, 2025 at 01:54:59PM -0500, Robert Haas wrote:
> Oh, good point. I don't know. I just have heard a LOT of complaining
> about passwords showing up in the log, and I'm not sure insisting that
> they have to all be encrypted is going to make all of the complaining
> stop.

+1. At this point, IMHO we should consider this v19 material to provide
more time for discussion on the best way to tackle this problem. Blocking
plain-text passwords in CREATE/ALTER ROLE commands may be part of it, but
as Robert notes, we might need to do more.

--
nathan

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message David G. Johnston 2025-03-14 15:26:32 Re: Adding a '--clean-publisher-objects' option to 'pg_createsubscriber' utility.
Previous Message Fujii Masao 2025-03-14 15:07:25 Re: Add “FOR UPDATE NOWAIT” lock details to the log.