Re: PATCH: warn about, and deprecate, clear text passwords
Greg Sabino Mullane <htamfids@gmail.com>
From: Greg Sabino Mullane <htamfids@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Isaac Morland <isaac.morland@gmail.com>,
Aleksander Alekseev <aleksander@timescale.com>, tgl@sss.pgh.pa.us, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-03T17:06:53Z
Lists: pgsql-hackers
On Mon, Mar 3, 2025 at 11:33 AM Nathan Bossart <nathandbossart@gmail.com> wrote:

> I think it would be good to hear some other opinions on whether we should
> consider sending clear-text passwords to the server as either 1) fully
> supported, 2) deprecated but with no intent to remove anytime soon, or 3)
> deprecated with the intent of removal at some point in the next several
> years. I personally am -1 on the warning unless we have a consensus on
> (3), but I'm +1 on adding a way to enforce "pre-encryption" regardless.

That's more than fair. And "deprecation" doesn't need to mean that's the next step in the process. So warn -> deny by default (but allow if you work at it) -> remove completely. Which is very similar to our md5 path, I suppose.

I'm certainly happy staying at that middle stage for an indefinite amount of time for both of those, as it means that Postgres is both "secure by default" and backwards compatible.

--
Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support