Re: Password leakage avoidance
Dave Cramer <davecramer@postgres.rocks>
From: Dave Cramer <davecramer@postgres.rocks>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "Jonathan S. Katz" <jkatz@postgresql.org>,
Joe Conway <mail@joeconway.com>, Tom Lane <tgl@sss.pgh.pa.us>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2024-01-03T13:59:50Z
Lists: pgsql-hackers
On Wed, 3 Jan 2024 at 08:53, Robert Haas <robertmhaas@gmail.com> wrote: > On Sun, Dec 24, 2023 at 12:06 PM Jonathan S. Katz <jkatz@postgresql.org> > wrote: > > We're likely to have new algorithms in the future, as there is a draft > > RFC for updating the SCRAM hashes, and already some regulatory bodies > > are looking to deprecate SHA256. My concern with relying on the > > "encrypted_password" GUC (which is why PQencryptPasswordConn takes > > "conn") makes it any easier for users to choose the algorithm, or if > > they need to rely on the server/session setting. > > Yeah, I agree. It doesn't make much sense to me to propose that a GUC, > which is a server-side setting, should control client-side behavior. > > Also, +1 for the general idea. I don't think this is a whole answer to > the problem of passwords appearing in log files because (1) you have > to be using libpq in order to make use of this JDBC has it as of yesterday. I would imagine other clients will implement it. Dave Cramer > >