PATCH: warn about, and deprecate, clear text passwords
David G. Johnston <david.g.johnston@gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Greg Sabino Mullane <htamfids@gmail.com>,
    Nathan Bossart <nathandbossart@gmail.com>,
    Tom Lane <tgl@sss.pgh.pa.us>,
    Isaac Morland <isaac.morland@gmail.com>,
    Aleksander Alekseev <aleksander@timescale.com>,
    pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-17T03:36:36Z
Lists: pgsql-hackers

On Sunday, March 16, 2025, Robert Haas <robertmhaas@gmail.com> wrote:
>
> WARNING: you just caused a problem for somebody else
>
> The user has no particular reason to care about the fact that the
> password they just typed ended up in the log.
>

It could also be:

warning: your password is known to Big Brother
hint: use psql \password to supply a private password, or see “docs/wiki page” for more details and a way to pre-compute and send a private password via SQL.

Sure, we can’t make them drink, but let’s at least show them where we put the water trough. Some of them will care but be unaware.

We can make it an error later and do nothing, removing the choice but to figure out the proper way of changing their password.

David J.
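
Added example, not part of the original message or of the PostgreSQL project's code: one way to pre-compute a SCRAM-SHA-256 verifier on the client so that the SQL sent to the server, and anything the server logs, never contains the clear-text password. The function names, the role name and the sample password are hypothetical; the sketch assumes an ASCII password (non-ASCII input would need SASLprep first) and a server that stores SCRAM-SHA-256 passwords.

```python
import base64
import hashlib
import hmac
import os


def scram_sha256_verifier(password, salt=None, iterations=4096):
    """Return the SCRAM-SHA-256 verifier string PostgreSQL stores for a role.

    Layout: SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>
    with salt and keys base64-encoded (key derivation per RFC 5802 / RFC 7677).
    """
    if not password.isascii():
        # Assumption of this example: SASLprep (RFC 4013) is not implemented,
        # so refuse anything it might need to normalise.
        raise ValueError("only ASCII passwords are handled in this example")
    if salt is None:
        salt = os.urandom(16)

    salted = hashlib.pbkdf2_hmac("sha256", password.encode("ascii"),
                                 salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()

    def b64(raw):
        return base64.b64encode(raw).decode("ascii")

    return "SCRAM-SHA-256${}:{}${}:{}".format(
        iterations, b64(salt), b64(stored_key), b64(server_key))


def alter_role_sql(role, verifier):
    """Build the statement to send; it carries the verifier, not the password."""
    ident = '"' + role.replace('"', '""') + '"'   # quote the role identifier
    # The verifier holds only base64 characters, digits, '$', ':' and '-',
    # so it cannot contain a single quote.
    return "ALTER ROLE {} PASSWORD '{}';".format(ident, verifier)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    print(alter_role_sql("app_user", scram_sha256_verifier("correct horse")))
```

The resulting statement can appear in the server log without revealing the password; what is exposed is the salted verifier the server would store anyway.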