Thread

  1. Re: [Patch] Mention md5 is deprecated in postgresql.conf.sample

    Robert Treat <rob@xzilla.net> — 2025-11-15T14:37:37Z

    On Fri, Nov 14, 2025 at 5:48 AM Michael Banck <mbanck@gmx.net> wrote:
    >
    > Hi,
    >
    > while looking through postgresql.conf on PG18, I noticed that
    > password_encryption mentions md5 as valid alternative to scram-sha-256.
    > I think it would be useful to mention md5 is deprecated so that people
    > looking at it (but have otherwise not gotten the memo) will realize and
    > hopefully act on it.
    >
    > Patch attached, I think it would be a candidate for being back-patched
    > to PG18 if accepted.
    >
    
    +1 to the general idea, though I think it should go the other way
    around (it is a small enough grammatical point I'm sure some would
    argue the other way around).
    
    # password_encryption = scram-sha-256 # scram-sha-256 or md5 (deprecated)
    
    Also +1 for backpatching. IIRC this would only show up in new
    clusters, but we're still pretty early on in the cycle, so it seems
    worth it.
    
    
    Robert Treat
    https://xzilla.net