Re: md5_password_warnings for password auth with MD5-encrypted passwords

Fujii Masao <masao.fujii@gmail.com>

From: Fujii Masao <masao.fujii@gmail.com>
To: Japin Li <japinli@hotmail.com>
Cc: Chao Li <li.evan.chao@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-06-23T04:31:53Z
Lists: pgsql-hackers
On Tue, Jun 23, 2026 at 12:17 PM Japin Li <japinli@hotmail.com> wrote:
> >> --
> >> Fujii Masao
> >> <v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch>
> >
> > Given that the original warning emission was in md5_crypt_verify(), I
> > think it might be a bit better to keep the two private helpers in
> > crypt.c and add the warning emission in plain_crypt_verify(), because
> > that function has already determined the password type and
> > authentication result.
> >
> +1
>
> Placing it in plain_crypt_verify() leverages the already-determined type and
> result, while keeping the helpers internal to crypt.c is cleaner.

plain_crypt_verify() looks like a generic helper to me. It's used not
only for connection authentication, but also by CREATE/ALTER ROLE and
passwordcheck. So I'm not sure it's clearer to add a
connection-authentication-specific side effect there.

Also, plain_crypt_verify() can be called after
EmitConnectionWarnings(), for example, by CREATE/ALTER ROLE.
So if plain_crypt_verify() were updated to simply call
StoreConnectionWarning() for MD5 password warnings, it could end up
calling StoreConnectionWarning() after EmitConnectionWarnings(),
resulting in the unexpected error
"StoreConnectionWarning() called after EmitConnectionWarnings()".

Regards,

-- 
Fujii Masao



Commits

  1. Warn on password auth with MD5-encrypted passwords