| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Thoughts on a "global" client configuration? |
| Date: | 2025-10-08 21:37:03 |
| Message-ID: | CAOYmi+=4tJnbYJ7JiRCUm28fdZpJ3eiojMcHS_aytroaHipKyw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Oct 8, 2025 at 1:40 PM Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
> If we set the default at verify-full (that would be my vote), someone
> can undo that for a particular installation by setting PGSSLMODE=prefer
> globally on their system
I don't think we should ever tell users to set PGSSLMODE=prefer. It's
really sticky, and you can't know that third-party code won't defer to
it instead of overriding it when they see it defined. A quick Github
code search turns up a few people doing exactly that.
If we make the change at the default level instead, we remain in
control of the override priority, so users will be reverting to the
previous behavior instead of introducing new untested behavior.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-10-08 21:38:26 | Re: [PATCH] Remove unused #include's in src/backend/commands/* |
| Previous Message | Nathan Bossart | 2025-10-08 21:31:13 | Re: [PATCH] Remove unused #include's in src/backend/commands/* |