From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: password_encryption default |
Date: | 2020-05-22 14:46:38 |
Message-ID: | 20200522144638.GK3418@tamriel.snowman.net |
Lists: | pgsql-hackers |

Greetings,

* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Fri, May 22, 2020 at 4:13 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> > > We didn't get anywhere with making the default authentication method in
> > > a source build anything other than trust. But perhaps we should change
> > > the default for password_encryption to nudge people to adopt SCRAM?
> > > Right now, passwords are still hashed using MD5 by default, unless you
> > > specify scram-sha-256 using initdb -A or similar.
> >
> > I think what that was waiting on was for client libraries to become
> > SCRAM-ready. Do we have an idea of the state of play on that side?
> >
>
> If the summary table on the wiki at
> https://wiki.postgresql.org/wiki/List_of_drivers is to be trusted, every
> listed driver except Swift does.

Yes, Katz actually went through and worked with folks to make that
happen. I'm +1 on moving the default for password_encryption to be
scram. Even better would be changing the pg_hba.conf default, but I
think we still have concerns about that having problems with the
regression tests and the buildfarm.

Thanks,

Stephen