| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <pgsql(at)j-davis(dot)com>, samay sharma <smilingsamay(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Proposal: Support custom authentication methods using hooks |
| Date: | 2022-03-02 15:29:29 |
| Message-ID: | a315a4df-43bd-535d-b0b3-632ba167e7bd@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 02.03.22 15:16, Jonathan S. Katz wrote:
>> I find that a lot of people are still purposely using md5. Removing
>> it now or in a year would be quite a disruption.
>
> What are the reasons they are still purposely using it? The ones I have
> seen/heard are:
>
> - Using an older driver
> - On a pre-v10 PG
> - Unaware of SCRAM
I'm not really sure, but it seems like they are content with what they
have and don't want to bother with the new fancy stuff.
> What I'm proposing above is to start the process of deprecating it as an
> auth method, which also allows to continue the education efforts to
> upgrae. Does that make sense?
I'm not in favor of starting a process that will result in removal of
the md5 method at this time.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2022-03-02 15:29:45 | Re: Proposal: Support custom authentication methods using hooks |
| Previous Message | Daniel Westermann (DWE) | 2022-03-02 15:22:44 | Re: Changing "Hot Standby" to "hot standby" |