Re: add warning upon successful md5 password auth
Andreas Karlsson <andreas@proxel.se>
From: Andreas Karlsson <andreas@proxel.se>
To: Nathan Bossart <nathandbossart@gmail.com>, pgsql-hackers@postgresql.org
Date: 2026-02-13T05:04:14Z
Lists: pgsql-hackers
On 2/11/26 8:52 PM, Nathan Bossart wrote: > Since I just added a "connection warnings" infrastructure in commit > 1d92e0c2cc, I thought it might be a good time to revisit this idea. > Attached is an updated patch. I'm not sure this is v19 material. It could > make sense to wait until v20 or something. But I figured it was worth at > least having the discussion. The patch looks good and I think it would make sense to merge it in 19, why wait for 20? But the main question I see is if this is too noisy or not. Some applications connected to PostgreSQL quite a lot and I am sure we would make some users unhappy so I am not fully on board with this patch. But on the other hand we have way too many people who still use md5 and we really should push them towards using scram. Andreas
Commits
-
Warn upon successful MD5 password authentication.
- bc60ee860665 19 (unreleased) landed
-
Add password expiration warnings.
- 1d92e0c2cc47 19 (unreleased) cited