pg_upgrade: warn about roles with md5 passwords

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Cc: pgsql(at)j-davis(dot)com
Subject: pg_upgrade: warn about roles with md5 passwords
Date: 2025-06-02 15:32:19
Message-ID: aD3EA6jmcDZyPHiv@nathan
Lists: pgsql-hackers

Since MD5 passwords are slated to be marked as deprecated in v18, I figured
it might be a good idea to add a check for roles with MD5 passwords to
pg_upgrade. I'm tempted to suggest that we apply this to v18, but I'm
content to leave it for v19 if nobody feels too strongly about it.

The one thing I don't like about this check is that it's probably not great
from a security standpoint to effectively announce which roles have MD5
passwords. However, pg_upgrade must be run as the bootstrap superuser, and
we'll need to start failing for MD5 passwords at some point, so I'm not
sure how worried to be about that.

One other thing I noticed is that checks that only emit warnings, like
check_for_unicode_update(), require using --retain in order to see the
generated report file. Otherwise, pg_upgrade deletes the files after
successful completion. I don't know how worried to be about this, either,
but I did run into it while testing the attached patch, so it seemed worth
bringing up.

--
nathan

Attachment: v1-0001-pg_upgrade-Warn-about-roles-with-MD5-passwords.patch (text/plain, 3.0 KB)
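For readers who want to see what such a check boils down to before the patch lands, here is an added audit query (my own example, not the code in the attached patch). It relies only on the real `pg_authid` columns `rolname`, `rolcanlogin`, `rolvaliduntil` and `rolpassword`, and on the stored-verifier formats PostgreSQL uses (`md5` plus 32 hex digits, or a `SCRAM-SHA-256$` prefix); like the pg_upgrade check, it has to run as a superuser because `pg_authid` is not readable by other roles.

```sql
-- Added example, not from the patch: classify each role's stored password
-- verifier so the roles that would trigger the pg_upgrade warning can be
-- found (and migrated to SCRAM) ahead of the upgrade, without depending on
-- --retain to keep the report file around.
WITH verifiers AS (
  SELECT rolname,
         rolcanlogin,
         rolvaliduntil,
         CASE
           WHEN rolpassword IS NULL                 THEN 'none'
           WHEN rolpassword ~ '^md5[0-9a-f]{32}$'   THEN 'md5'
           WHEN rolpassword LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
           ELSE 'other'
         END AS verifier_type
  FROM pg_authid
)
SELECT rolname, rolcanlogin, rolvaliduntil, verifier_type
FROM verifiers
WHERE verifier_type = 'md5'   -- remove this filter to see every role's type
ORDER BY rolname;
```

Each role listed can be moved to SCRAM by re-setting its password with `password_encryption = 'scram-sha-256'` in effect, after which the query returns no rows and the pg_upgrade warning would not fire.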
