From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | Ian Lawrence Barwick <barwick(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PG 14 release notes, first draft |
Date: | 2021-05-15 23:05:35 |
Message-ID: | 20210515230535.GA3189@alvherre.pgsql |
Lists: | pgsql-hackers |
On 2021-May-12, Bruce Momjian wrote:
> OK, updated text:
>
> <listitem>
> <!--
> Author: Peter Eisentraut <peter(at)eisentraut(dot)org>
> 2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
> -->
>
> <para>
> Change the default of the password_encryption server parameter
> to scram-sha-256 (Peter Eisentraut)
> </para>
>
> <para>
> Previously it was md5. All new passwords will be stored as SHA256
> unless this server variable is changed or the password is already
> md5-hashed. Also, the legacy (and undocumented) boolean-like
> values which were previously synonyms of <literal>md5</literal>
> are no longer accepted.
> </para>
> </listitem>
Thanks, looks ok as far as what the original point was about.
I have to say that this sentence is a bit odd: "All new passwords will
be stored as sha256 unless ... the password is already md5-hashed".
Does this mean that if you change a password for a user whose password
was md5, the new one is stored as md5 too even if the setting is
scram-sha-256? Or if "the password" means an old password, then why is
it a new password?
--
Álvaro Herrera Valdivia, Chile
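An added example, not part of the original message and not PostgreSQL's own code: a sketch of the rule the CREATE ROLE documentation describes, where a password string that already has the shape of an md5 or SCRAM verifier is stored as given and only a plaintext string is hashed according to password_encryption. The function names, the sample role and the sample password are constructed for illustration, and SASLprep normalization is left out.

```python
import base64
import binascii
import hashlib
import hmac
import re

MD5_RE = re.compile(r"md5[0-9a-f]{32}")  # "md5" followed by 32 lowercase hex digits

def md5_verifier(password, role):
    # md5 format: "md5" + hex(md5(password || role name))
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()

def scram_verifier(password, salt, iterations=4096):
    # SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>, keys per RFC 5802.
    # Assumption: ASCII password, so skipping SASLprep changes nothing.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (
        iterations, b64(salt), b64(hashlib.sha256(client).digest()), b64(server))

def _b64(text):
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None

def password_type(value):
    """Classify a supplied password string: 'md5', 'scram-sha-256' or 'plaintext'."""
    if MD5_RE.fullmatch(value):
        return "md5"
    parts = value.split("$")
    if len(parts) == 3 and parts[0] == "SCRAM-SHA-256":
        iters, _, salt = parts[1].partition(":")
        stored, _, server = parts[2].partition(":")
        keys = [_b64(stored), _b64(server)]
        if (iters.isascii() and iters.isdigit() and _b64(salt)
                and all(k and len(k) == 32 for k in keys)):
            return "scram-sha-256"
    return "plaintext"

def stored_as(value, password_encryption="scram-sha-256"):
    # Only plaintext is hashed with the configured method; verifiers are kept as given.
    kind = password_type(value)
    return password_encryption if kind == "plaintext" else kind

if __name__ == "__main__":
    for sample in ("secret", md5_verifier("secret", "alice"),
                   scram_verifier("secret", b"0123456789abcdef")):
        print(password_type(sample), "->", stored_as(sample))
```

Running `password_type` over the values in `pg_authid.rolpassword` gives the same classification for stored verifiers, which is one way to list roles that still carry md5 hashes after the default changes.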