| From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Andres Freund <andres(at)anarazel(dot)de>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: change password_encryption default to scram-sha-256? |
| Date: | 2019-04-08 19:56:02 |
| Message-ID: | CADK3HHKOdbti2XXacDGJyc6+9kt8Xh_J-ta4wo73h4C4BJoPwg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro,
On Mon, 8 Apr 2019 at 13:34, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
wrote:
> I'm not sure I understand all this talk about deferring changing the
> default to pg13. AFAICS only a few fringe drivers are missing support;
> not changing in pg12 means we're going to leave *all* users, even those
> whose clients have support, without the additional security for 18 more
> months.
>
> IIUC the vast majority of clients already support SCRAM auth. So the
> vast majority of PG users can take advantage of the additional security.
> I think the only massive-adoption exception is JDBC, and apparently they
> already have working patches for SCRAM.
>
We have more than patches this is already in the driver.
What do you mean by "massive-adoption exception"
Dave Cramer
davec(at)postgresintl(dot)com
www.postgresintl.com
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Cramer | 2019-04-08 20:03:35 | Re: change password_encryption default to scram-sha-256? |
| Previous Message | Justin Pryzby | 2019-04-08 19:49:12 | Re: change password_encryption default to scram-sha-256? |