Re: [Patch] Mention md5 is deprecated in postgresql.conf.sample
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Banck <mbanck@gmx.net>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-14T11:53:41Z
Lists: pgsql-hackers
> On 14 Nov 2025, at 11:47, Michael Banck <mbanck@gmx.net> wrote: > while looking through postgresql.conf on PG18, I noticed that > password_encryption mentions md5 as valid alternative to scram-sha-256. > I think it would be useful to mention md5 is deprecated so that people > looking at it (but have otherwise not gotten the memo) will realize and > hopefully act on it. No objection. I suspect the overlap between users who don't read release notes and users who read .conf.sample comments closely is pretty small, but it certainly won't hurt. -#password_encryption = scram-sha-256 # scram-sha-256 or md5 +#password_encryption = scram-sha-256 # scram-sha-256 or (deprecated) md5 #scram_iterations = 4096 #md5_password_warnings = on Maybe this should be combined with a comment on md5_password_warnings as well? -- Daniel Gustafsson