From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] Changing references of password encryption to hashing |
Date: | 2023-11-28 15:01:57 |
Message-ID: | CA+Tgmoa44Q+rajT2FC2S7R3-hfh0xXTEa+qLzdYD0Gh9DPoX3Q@mail.gmail.com |
Lists: | pgsql-hackers |

On Tue, Nov 28, 2023 at 9:55 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> I do think we should use the correct terminology in our documentation
> and would support your working on improving things in this area.

+1.

> I do wonder if perhaps we would be better off by having someone spend
> time on removing terribly insecure authentication methods like md5 and
> ldap though ...

Wait, what's insecure about LDAP?

I think we should eventually remove MD5, but I think there's no rush.
People who care about security will have already switched, and people
who don't care about security are not required to start caring.
Eventually the maintenance burden will become large enough that it
makes sense to phase it out for that reason, but I haven't seen any
evidence that we're anywhere close to that point.

--
Robert Haas
EDB: http://www.enterprisedb.com