Re: password_encryption, default and 'plain' support
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Magnus Hagander <magnus@hagander.net>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-05-03T12:25:43Z
Lists: pgsql-hackers
On Wed, May 3, 2017 at 8:38 PM, Magnus Hagander <magnus@hagander.net> wrote: > On Wed, May 3, 2017 at 1:31 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: >> In various threads on SCRAM, we've skirted around the question of whether >> we should still allow storing passwords in plaintext. I've avoided >> discussing that in those other threads, because it's been an orthogonal >> question, but it's a good question and we should discuss it. >> >> So, I propose that we remove support for password_encryption='plain' in >> PostgreSQL 10. If you try to do that, you'll get an error. > > Is there any usecase at all for it today? For developers running applications on top of Postgres? >> Another question that's been touched upon but not explicitly discussed, is >> whether we should change the default to "scram-sha-256". I propose that we >> do that as well. If you need to stick to md5, e.g. because you use drivers >> that don't support SCRAM yet, you can change it in postgresql.conf, but the >> majority of installations that use modern clients will be more secure by >> default. > > Much as that's going to cause issues for some people, I think it's worth > doing. We should probably put something specific in the release notes > mentioning the error message you get in libpq, and possibly some of the > other most common drivers. My original view on the matter was, and is still, to wait for one or two releases before switching the default to scram. -- Michael
Commits
-
Remove support for password_encryption='off' / 'plain'.
- eb61136dc75a 10.0 landed