Re: add warning upon successful md5 password auth
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Andreas Karlsson <andreas@proxel.se>
Cc: pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-02-17T17:05:38Z
Lists: pgsql-hackers
Attachments
On Tue, Feb 17, 2026 at 07:08:17AM +0100, Andreas Karlsson wrote: > After thinking more on the subject I have come around. I think warning spam > (that can be disabled) is fine and why not introduce it directly in 19? WFM > As for the patch itself I think it looks good, but I am not a fan of the > test code. Why not simply write like the below? > > test_conn($node, 'user=md5_role', 'md5', 0, > log_like => > [qr/connection authenticated: identity="md5_role" method=md5/], > expected_stderr => > [qr/authenticated with an MD5-encrypted password/]) No good reason. I've updated the patch. -- nathan
Commits
-
Warn upon successful MD5 password authentication.
- bc60ee860665 19 (unreleased) landed
-
Add password expiration warnings.
- 1d92e0c2cc47 19 (unreleased) cited