Re: password_encryption, default and 'plain' support

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: password_encryption, default and 'plain' support
Date: 2017-05-03 18:51:49
Message-ID: CABUevEwDj6E=YRicerRbwgWVe4C8hMn=GH0OUkaW=+r=EXafww@mail.gmail.com

On Wed, May 3, 2017 at 5:52 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:

> On Wed, May 3, 2017 at 7:31 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> > In various threads on SCRAM, we've skirted around the question of whether we
> > should still allow storing passwords in plaintext. I've avoided discussing
> > that in those other threads, because it's been an orthogonal question, but
> > it's a good question and we should discuss it.
> >
> > So, I propose that we remove support for password_encryption='plain' in
> > PostgreSQL 10. If you try to do that, you'll get an error.
>
> I have no idea how widely used that option is.
>
> > Another question that's been touched upon but not explicitly discussed, is
> > whether we should change the default to "scram-sha-256". I propose that we
> > do that as well. If you need to stick to md5, e.g. because you use drivers
> > that don't support SCRAM yet, you can change it in postgresql.conf, but the
> > majority of installations that use modern clients will be more secure by
> > default.
>
> I think that we should investigate how many connectors have support
> for SCRAM or are likely to do so by the time v10 is released. A *lot*
> of people are using connectors that are not based on libpq, especially
> JDBC but I think many of the others as well. If most of those are
> going to support SCRAM by the time v10 comes out, cool, but if not,
> maybe it's wise to hold off for a release before flipping the default.
> Not sure.
>

From the traffic on the list it sounds like the JDBC people are working on
it already -- hopefully they will have something in time.

It might make sense to ping other "major drivers" people as well -- such as
maybe npgsql. What else?

A good approach might be to change the default now, before beta. Then if
drivers don't change, or if we get a lot of pushback from beta testers, we
change it back before release. But if we don't change it, we will not know
how big the impact would be...

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
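
Added example, not part of the original message or of PostgreSQL's code: one way to gauge the impact of the two proposals quoted above is to classify the values exported from `pg_authid.rolpassword` as plaintext, md5 or SCRAM-SHA-256. The role names, passwords and salt are constructed, and the checks assume the `md5<32 hex digits>` and `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` layouts.

```python
import base64
import hashlib
import hmac
import re

MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
B64 = r"([A-Za-z0-9+/=]+)"
SCRAM_RE = re.compile(r"^SCRAM-SHA-256\$(\d+):" + B64 + r"\$" + B64 + ":" + B64 + "$")

def _decoded_len(field):
    # Length of the base64-decoded field, or -1 if it is not valid base64.
    try:
        return len(base64.b64decode(field, validate=True))
    except ValueError:
        return -1

def classify(rolpassword):
    # Returns "none", "md5", "scram-sha-256" or "plain" for one stored value.
    if rolpassword is None:
        return "none"
    if MD5_RE.match(rolpassword):
        return "md5"
    m = SCRAM_RE.match(rolpassword)
    if (m and int(m.group(1)) > 0 and _decoded_len(m.group(2)) > 0
            and _decoded_len(m.group(3)) == 32 and _decoded_len(m.group(4)) == 32):
        return "scram-sha-256"
    return "plain"  # anything unrecognised is a password stored as typed

def md5_verifier(user, password):
    # md5 scheme: "md5" + hex(MD5(password || username)).
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def scram_verifier(password, salt, iterations=4096):
    # RFC 5802 keys; SASLprep is skipped, which is only valid for ASCII input.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored = base64.b64encode(hashlib.sha256(client_key).digest()).decode()
    server = base64.b64encode(hmac.new(salted, b"Server Key", hashlib.sha256).digest()).decode()
    return f"SCRAM-SHA-256${iterations}:{base64.b64encode(salt).decode()}${stored}:{server}"

# Constructed sample rows (role, rolpassword); none come from a real system.
SAMPLE = [
    ("app_legacy", "s3cret-in-the-clear"),
    ("app_jdbc", md5_verifier("app_jdbc", "example")),
    ("app_libpq", scram_verifier("example", b"constructed-salt")),
    ("nologin_role", None),
]

def audit(rows):
    return {role: classify(pw) for role, pw in rows}
```

Roles reported as `plain` are the ones affected by dropping `password_encryption='plain'`; roles reported as `md5` need their password set again under the new default before a SCRAM-capable client can use SCRAM with them.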
