Re: PATCH: warn about, and deprecate, clear text passwords

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Greg Sabino Mullane <htamfids(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: warn about, and deprecate, clear text passwords
Date: 2025-03-19 15:01:26
Message-ID: Z9rcRn53zhFdgIDc@nathan
Lists: pgsql-hackers

On Wed, Mar 19, 2025 at 10:06:58AM -0400, Robert Haas wrote:
> On Wed, Mar 19, 2025 at 9:24 AM Greg Sabino Mullane <htamfids(at)gmail(dot)com> wrote:
>>> The user has no particular reason to care about the fact that the
>>> password they just typed ended up in the log. That is a concern for the
>>> DBA, not the user, and even if they care about the DBA's feelings, they
>>> only get the warning after it's too late to do otherwise.
>>
>> Can't the same be said about other warnings, esp. md5?
>
> Absolutely. Warnings are sometimes the right thing, but they often
> suck. If something is really a bad idea, "ERROR: bad idea" is vastly
> superior to "WARNING: what you just already did was a bad idea". If we
> don't actually know for sure that it's a bad idea, then it's generally
> better not to emit a warning at all, for fear of log-spamming people
> who know what they're doing.

FWIW I primarily intended the MD5 password warning to alert folks that the
ability to use MD5 passwords will go away at some point in the future. If
they want to continue to use MD5 passwords for now, they are free to do so.
They can even turn off the warnings. One of the main reasons I'm not
totally sold on a clear-text password warning is because we don't have
agreement on removing that ability anytime soon, not to mention Bruce's
point about the debate extending into mid-March.

--
nathan
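The concern quoted above, that a clear-text password typed into CREATE ROLE or ALTER ROLE ends up in the server log, is avoided when the client pre-computes the password verifier and sends only that, which is what psql's \password does for you. As an added example that is not part of this thread or of PostgreSQL's own code: the SCRAM-SHA-256 verifier derivation (RFC 5802 key derivation, in the format pg_authid stores) in Python; it assumes an ASCII password so SASLprep normalisation is a no-op, and the helper names are made up for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Format PostgreSQL stores in pg_authid.rolpassword for SCRAM-SHA-256:
#   SCRAM-SHA-256$<iterations>:<salt_b64>$<StoredKey_b64>:<ServerKey_b64>
DEFAULT_ITERATIONS = 4096  # PostgreSQL's default for scram_iterations


def scram_sha256_verifier(password: str, salt: Optional[bytes] = None,
                          iterations: int = DEFAULT_ITERATIONS) -> str:
    """Derive a SCRAM-SHA-256 verifier from a (ASCII, SASLprep-neutral) password."""
    if salt is None:
        salt = os.urandom(16)  # a fresh random salt per verifier
    # SaltedPassword := Hi(password, salt, i) == PBKDF2-HMAC-SHA256
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()   # what the server keeps
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def alter_role_sql(role: str, verifier: str) -> str:
    """Build the ALTER ROLE statement that carries only the verifier, so a
    logged statement never reveals the clear-text password."""
    if not verifier.startswith("SCRAM-SHA-256$") or "'" in verifier:
        raise ValueError("not a SCRAM-SHA-256 verifier")
    ident = role.replace('"', '""')  # quote the role name as an identifier
    return f'ALTER ROLE "{ident}" PASSWORD \'{verifier}\';'


def verifier_parts(verifier: str) -> dict:
    """Split a stored verifier back into its fields (for inspection)."""
    mech, rest = verifier.split("$", 1)
    iter_salt, keys = rest.split("$", 1)
    iterations, salt = iter_salt.split(":", 1)
    stored_key, server_key = keys.split(":", 1)
    return {"mechanism": mech, "iterations": int(iterations),
            "salt": base64.b64decode(salt),
            "stored_key": base64.b64decode(stored_key),
            "server_key": base64.b64decode(server_key)}
```

The server can still authenticate the role with SCRAM because the stored keys are all it needs for the exchange; the password itself never crosses the wire or reaches log_statement output.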
