Re: PATCH: warn about, and deprecate, clear text passwords
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Nathan Bossart <nathandbossart@gmail.com>,
Greg Sabino Mullane <htamfids@gmail.com>,
Isaac Morland <isaac.morland@gmail.com>,
Aleksander Alekseev <aleksander@timescale.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-03T18:47:27Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> I wonder if we could drum up some support for not including any
> version of the password (even encrypted) in the query string. For
> instance, let's say that to change your password you have to use the
> new CHANGE PASSWORD command which can only be used at top level (not
> inside PL code or whatever) and always takes a single parameter that
> must be supplied via the extended query protocol.

How would pg_dumpall cope with transferring passwords then?

I could see insisting that plain-text passwords be supplied only that
way. But removing the ability to have encrypted passwords in-line seems
like a serious operational problem with little benefit.

regards, tom lane
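The distinction the thread turns on is between a plain-text password and the "encrypted" (hashed) form that pg_dumpall carries inline in an ALTER ROLE ... PASSWORD statement. The following added example (not code from the thread or from PostgreSQL itself) builds a SCRAM-SHA-256 verifier in the layout PostgreSQL stores in pg_authid.rolpassword, shows the server-side check against it, and shows the shape of the dumped statement, so that a reader can see that the inline form contains no recoverable password. The password, salt and role name are constructed sample values; a real server draws the salt from its CSPRNG and runs SASLprep on the password, which is a no-op for this ASCII sample.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample inputs for the demonstration. A real server generates the
# salt randomly (see random_salt below); it is fixed here only for reproducibility.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 4096  # PostgreSQL's default SCRAM-SHA-256 iteration count


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _client_key(password: str, salt: bytes, iterations: int) -> bytes:
    # RFC 5802 / RFC 7677: SaltedPassword = PBKDF2-HMAC-SHA-256(password, salt, i)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.new(salted, b"Client Key", hashlib.sha256).digest()


def scram_sha256_verifier(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Return a verifier in the form PostgreSQL stores:
    SCRAM-SHA-256$<iterations>:<salt b64>$<StoredKey b64>:<ServerKey b64>
    Only StoredKey = SHA-256(ClientKey) and ServerKey are kept; the password is not."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return f"SCRAM-SHA-256${iterations}:{_b64(salt)}${_b64(stored_key)}:{_b64(server_key)}"


def random_salt(nbytes: int = 16) -> bytes:
    """What a server would use instead of SAMPLE_SALT."""
    return os.urandom(nbytes)


def parse_verifier(verifier: str) -> tuple[int, bytes, bytes, bytes]:
    """Split a stored verifier into (iterations, salt, StoredKey, ServerKey)."""
    scheme, rest = verifier.split("$", 1)
    if scheme != "SCRAM-SHA-256":
        raise ValueError(f"unsupported scheme: {scheme}")
    params, keys = rest.split("$", 1)
    iterations, salt_b64 = params.split(":", 1)
    stored_b64, server_b64 = keys.split(":", 1)
    return (int(iterations), base64.b64decode(salt_b64),
            base64.b64decode(stored_b64), base64.b64decode(server_b64))


def password_matches(verifier: str, candidate: str) -> bool:
    """Server-side check: derive StoredKey from the candidate and compare it in
    constant time to the stored one. Nothing here needs the original password."""
    iterations, salt, stored_key, _server_key = parse_verifier(verifier)
    derived = hashlib.sha256(_client_key(candidate, salt, iterations)).digest()
    return hmac.compare_digest(derived, stored_key)


def dump_role_password(role: str, verifier: str) -> str:
    """Shape of the statement a dump carries: the verifier travels inline in the
    SQL text, which is why the thread argues the inline encrypted form must stay."""
    return f"ALTER ROLE {role} PASSWORD '{verifier}';"


if __name__ == "__main__":
    v = scram_sha256_verifier(SAMPLE_PASSWORD, SAMPLE_SALT)
    print(dump_role_password("sample_role", v))
    print("verifies:", password_matches(v, SAMPLE_PASSWORD))
```

Running the block prints the ALTER ROLE statement as a dump would emit it; the plaintext never appears in that text, only the salt, iteration count and the two derived keys, and the check in password_matches works from those alone.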