Re: sunsetting md5 password support
Christoph Moench-Tegeder <cmt@burggraben.net>
From: Christoph Moench-Tegeder <cmt@burggraben.net>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Nathan Bossart <nathandbossart@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-10-10T12:27:04Z
Lists: pgsql-hackers
## Heikki Linnakangas (hlinnaka@iki.fi): > This is a bit weird state. What exactly is "upgrading"? I guess you > mean pg_upgrade, but lots of people use pg_dump & restore or logical > replication or something else entirely for upgrading. That's > indistinguishable from setting a pre-hashed MD5 password. Password hashes are only in the "globals" dump (pg_dumpall -r/-g), not in standard pg_dump (and I don't see anything about passwords in the binary-upgrade mode of pg_dump). Finally it might be a good thing that we separated data and roles. Maybe that even is a plan for pg_upgrade: understand md5-password when they appear in pg_authid, but do not apply special treatment in CREATE ROLE/ALTER ROLE, thus preventing the setting of md5 password as pre-hashed passwords. Regards, Christoph -- Spare Space.
Commits
-
Deprecate MD5 passwords.
- db6a4a985bc0 18.0 landed