| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Noah Misch <noah(at)leadboat(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net> |
| Subject: | Re: initdb recommendations |
| Date: | 2019-05-24 02:28:27 |
| Message-ID: | 10093.1558664907@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
"Jonathan S. Katz" <jkatz(at)postgresql(dot)org> writes:
> For now I have left in the password based method to be scram-sha-256 as
> I am optimistic about the support across client drivers[1] (and FWIW I
> have an implementation for crystal-pg ~60% done).
> However, this probably means we would need to set the default password
> encryption guc to "scram-sha-256" which we're not ready to do yet, so it
> may be moot to leave it in.
> So, thinking out loud about that, we should probably use "md5" and once
> we decide to make the encryption method "scram-sha-256" by default, then
> we update the recommendation?
Meh. If we're going to break things, let's break them. Set it to
scram by default and let people who need to cope with old clients
change the default. I'm tired of explaining that MD5 isn't actually
insecure in our usage ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2019-05-24 02:30:09 | Re: initdb recommendations |
| Previous Message | Jonathan S. Katz | 2019-05-24 00:13:54 | Re: initdb recommendations |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2019-05-24 02:30:09 | Re: initdb recommendations |
| Previous Message | Tom Lane | 2019-05-24 02:25:45 | Re: Minor typos and copyright year slippage |