| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Greg Sabino Mullane <htamfids(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PATCH: warn about, and deprecate, clear text passwords |
| Date: | 2025-03-14 15:21:30 |
| Message-ID: | Z9RJethZdgCq1Tgq@nathan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Mar 03, 2025 at 01:54:59PM -0500, Robert Haas wrote:
> Oh, good point. I don't know. I just have heard a LOT of complaining
> about passwords showing up in the log, and I'm not sure insisting that
> they have to all be encrypted is going to make all of the complaining
> stop.
+1. At this point, IMHO we should consider this v19 material to provide
more time for discussion on the best way to tackle this problem. Blocking
plain-text passwords in CREATE/ALTER ROLE commands may be part of it, but
as Robert notes, we might need to do more.
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2025-03-14 15:26:32 | Re: Adding a '--clean-publisher-objects' option to 'pg_createsubscriber' utility. |
| Previous Message | Fujii Masao | 2025-03-14 15:07:25 | Re: Add “FOR UPDATE NOWAIT” lock details to the log. |