| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | David Fetter <david(at)fetter(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: change password_encryption default to scram-sha-256? |
| Date: | 2019-04-08 05:34:42 |
| Message-ID: | 6774.1554701682@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Paquier <michael(at)paquier(dot)xyz> writes:
> From what I can see, the major drivers not using directly libpq
> support our SASL protocol: JDBC and npgsql. However I can count three
> of them which still don't support it: Crystal, pq (Go) and asyncpg.
> pq and asyncpg are very popular on github, with at least 3000 stars
> each, which is a lot I think. I have also double-checked their source
> code and I am seeing no trace of SASL or SCRAM, so it seems to me that
> we may want to wait more before switching the default.
Perhaps we could reach out to the authors of those libraries,
and encourage them to provide support in the next year or so?
I don't doubt that switching to scram-sha-256 is a good idea in
the long run. The idea here was to give driver authors a reasonable
amount of time to update. I don't really think that one year
counts as a "reasonable amount of time" given how slowly this
project moves overall ... but we don't want to wait forever ...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2019-04-08 05:42:25 | Re: change password_encryption default to scram-sha-256? |
| Previous Message | Michael Paquier | 2019-04-08 05:28:16 | Re: change password_encryption default to scram-sha-256? |