Re: change password_encryption default to scram-sha-256?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: change password_encryption default to scram-sha-256?
Date: 2019-04-08 18:28:30
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Andres Freund <andres(at)anarazel(dot)de> writes:
> On 2019-04-08 13:34:12 -0400, Alvaro Herrera wrote:
>> I'm not sure I understand all this talk about deferring changing the
>> default to pg13. AFAICS only a few fringe drivers are missing support;
>> not changing in pg12 means we're going to leave *all* users, even those
>> whose clients have support, without the additional security for 18 more
>> months.

> Imo making such changes after feature freeze is somewhat poor
> form.


> If jdbc didn't support scram, it'd be an absolutely clear no-go imo. A
> pretty large fraction of users use jdbc to access postgres. But it seems
> to me that support has been merged for a while:

"Merged to upstream" is a whole lot different from "readily available in
the field". What's the actual status in common Linux distros, for

The scenario that worries me here is somebody using a bleeding-edge PGDG
server package in an environment where the rest of the Postgres ecosystem
is much less bleeding-edge. The last time that situation would have
caused them can't-connect problems was, um, probably when we introduced
MD5 password encryption. So they won't be expecting to get blindsided by
something like this.

I'm particularly concerned about the idea that they won't see a problem
during initial testing, only to have things fall over after they enter
production and do a "routine" password change.

regards, tom lane

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Jonathan S. Katz 2019-04-08 19:18:42 Re: change password_encryption default to scram-sha-256?
Previous Message Bruce Momjian 2019-04-08 17:57:35 Re: ECPG regression with DECLARE STATEMENT support