| From: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | md5_password_warnings for password auth with MD5-encrypted passwords |
| Date: | 2026-06-23 01:39:42 |
| Message-ID: | CAHGQGwGkWfn5rtHzvdRbVk+PCefQU3gun3hc7QnaMXHFa5Bu3w@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
While testing md5_password_warnings, I noticed that authentication
with an MD5-encrypted password emits the expected warning when the HBA
method is md5, but not when it is password.
Was this intentional, or just an oversight?
I couldn't find any discussion about this, so I put together the
attached patch. It updates the authentication code to emit the same
MD5 deprecation connection warning after successful password
authentication when the stored password is MD5-encrypted.
Thoughts?
Regards,
--
Fujii Masao
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Warn-on-password-auth-with-MD5-encrypted-password.patch | application/octet-stream | 5.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2026-06-23 02:02:25 | Re: Small patch to improve safety of utf8_to_unicode(). |
| Previous Message | Michael Paquier | 2026-06-23 01:29:35 | Re: [PATCH] Warn when io_min_workers exceeds io_max_workers |