Re: PATCH: warn about, and deprecate, clear text passwords

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Greg Sabino Mullane <htamfids@gmail.com>, Isaac Morland <isaac.morland@gmail.com>, Aleksander Alekseev <aleksander@timescale.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-14T15:21:30Z
Lists: pgsql-hackers

On Mon, Mar 03, 2025 at 01:54:59PM -0500, Robert Haas wrote:
> Oh, good point. I don't know. I just have heard a LOT of complaining
> about passwords showing up in the log, and I'm not sure insisting that
> they have to all be encrypted is going to make all of the complaining
> stop.

+1.  At this point, IMHO we should consider this v19 material to provide
more time for discussion on the best way to tackle this problem.  Blocking
plain-text passwords in CREATE/ALTER ROLE commands may be part of it, but
as Robert notes, we might need to do more.

-- 
nathan