| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: sunsetting md5 password support |
| Date: | 2024-10-10 20:13:30 |
| Message-ID: | Zwg1ascZvgt0IKjO@nathan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 10, 2024 at 02:11:53AM +0300, Heikki Linnakangas wrote:
> My feeling is that it would be less confusing to users to just disallow md5
> passwords in one release. I'm not sure these intermediate steps are really
> doing anyone any favors.
As I'm reading the various responses in this thread, I do find myself
leaning in this direction. My intent with the incremental approach was to
provide gentle reminders to migrate for a few years before removing support
completely, but I suppose there will always be a subset of users that will
wait until we actually follow through. If we went this route, we could
still do step 1 (add deprecation notices), but there would just be one more
step along the lines of "after X years, remove all support." (Or maybe we
would remove server support after X years and then remove libpq support
after Y more years.)
In general, it seems like folks are generally onboard with removing MD5
password support. For v18, the only thing I'm hoping to accomplish is to
get the deprecation notices added, so I will start writing a patch for
that. Perhaps we should also consider adding WARNINGs whenever folks use
MD5 passwords in any fashion (with a corresponding GUC to turn those off).
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-10-10 20:15:40 | Re: generic plans and "initial" pruning |
| Previous Message | Aleksander Alekseev | 2024-10-10 20:08:30 | Re: Build issue with postgresql 17 undefined reference to `pg_encoding_to_char' and `pg_char_to_encoding' |