| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Add a warning message when using unencrypted passwords |
| Date: | 2024-12-10 23:12:23 |
| Message-ID: | Z1jK17QlPoAmxQMd@nathan |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Dec 07, 2024 at 03:39:55PM +0100, Guillaume Lelarge wrote:
> I thought about it, and tried to write a patch. I've mostly copied the
> "Deprecate MD5 passwords" patch/commit from Nathan Bossart. My patch works
> on current HEAD. Documentation and tests are dealt with.
I've been thinking about this one for a couple of days, and I'm finding
myself leaning -1. I certainly didn't intend for the MD5 password
deprecation warnings to set a precedent of warning for every potentially
undesired behavior, and given that there's no plan to remove the ability to
specify a clear-text password in queries, I worry that this will generate
far more noise than is warranted. I also worry that users may misinterpret
the warning as saying that the clear-text password is stored in the
catalogs.
I know the topic of "password leakage" comes up a lot (e.g., [0]). It'd be
good to find a path forward for that, but IMHO it will require more than
warnings.
[0] https://postgr.es/m/b75955f7-e8cc-4bbd-817f-ef536bacbe93%40joeconway.com
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2024-12-10 23:34:50 | Re: [18] Fix a few issues with the collation cache |
| Previous Message | David G. Johnston | 2024-12-10 22:59:34 | Re: Document NULL |