Thread
-
Re: [Patch] Mention md5 is deprecated in postgresql.conf.sample
Robert Treat <rob@xzilla.net> — 2025-11-15T14:37:37Z
On Fri, Nov 14, 2025 at 5:48 AM Michael Banck <mbanck@gmx.net> wrote: > > Hi, > > while looking through postgresql.conf on PG18, I noticed that > password_encryption mentions md5 as valid alternative to scram-sha-256. > I think it would be useful to mention md5 is deprecated so that people > looking at it (but have otherwise not gotten the memo) will realize and > hopefully act on it. > > Patch attached, I think it would be a candidate for being back-patched > to PG18 if accepted. > +1 to the general idea, though I think it should go the other way around (it is a small enough grammatical point I'm sure some would argue the other way around). # password_encryption = scram-sha-256 # scram-sha-256 or md5 (deprecated) Also +1 for backpatching. IIRC this would only show up in new clusters, but we're still pretty early on in the cycle, so it seems worth it. Robert Treat https://xzilla.net
-
Re: [Patch] Mention md5 is deprecated in postgresql.conf.sample
Michael Banck <mbanck@gmx.net> — 2025-11-15T14:55:39Z
Hi, On Sat, Nov 15, 2025 at 09:37:37AM -0500, Robert Treat wrote: > +1 to the general idea, though I think it should go the other way > around (it is a small enough grammatical point I'm sure some would > argue the other way around). > > # password_encryption = scram-sha-256 # scram-sha-256 or md5 (deprecated) I thought about that, but then wondered whether people would think the whole thing (password_encryption) is deprecated or maybe both scram-sha-256 and md5? > Also +1 for backpatching. IIRC this would only show up in new > clusters, but we're still pretty early on in the cycle, so it seems > worth it. Yeah. Michael
-
Re: [Patch] Mention md5 is deprecated in postgresql.conf.sample
Daniel Gustafsson <daniel@yesql.se> — 2025-11-17T12:35:21Z
> On 15 Nov 2025, at 15:55, Michael Banck <mbanck@gmx.net> wrote: > > Hi, > > On Sat, Nov 15, 2025 at 09:37:37AM -0500, Robert Treat wrote: >> +1 to the general idea, though I think it should go the other way >> around (it is a small enough grammatical point I'm sure some would >> argue the other way around). >> >> # password_encryption = scram-sha-256 # scram-sha-256 or md5 (deprecated) > > I thought about that, but then wondered whether people would think the > whole thing (password_encryption) is deprecated or maybe both > scram-sha-256 and md5? Sleeping on it I agree with this, and ended up applying this version. -- Daniel Gustafsson