Re: sunsetting md5 password support
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Nathan Bossart <nathandbossart@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-10-10T21:03:37Z
Lists: pgsql-hackers
On Wed, Oct 9, 2024 at 10:30:15PM +0200, Jelte Fennema-Nio wrote: > On Wed, 9 Oct 2024 at 21:55, Nathan Bossart <nathandbossart@gmail.com> wrote: > > In this message, I propose a multi-year, incremental approach to remove MD5 > > password support from Postgres. > > +many for the general idea > > I think it makes sense to also remove the "password" authentication > option while we're at it (this can currently be used with SCRAM stored > passwords). I remember "password" as being recommended for SSL connections where there is no risk of the password contents being seen. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com When a patient asks the doctor, "Am I going to die?", he means "Am I going to die soon?"
Commits
-
Deprecate MD5 passwords.
- db6a4a985bc0 18.0 landed