| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_upgrade: warn about roles with md5 passwords |
| Date: | 2025-06-02 17:04:00 |
| Message-ID: | aD3ZgHLMu58pAUpy@nathan |
| Lists: | pgsql-hackers |
On Mon, Jun 02, 2025 at 09:45:55AM -0700, Jeff Davis wrote:
> On Mon, 2025-06-02 at 10:32 -0500, Nathan Bossart wrote:
>> The one thing I don't like about this check is that it's probably not great
>> from a security standpoint to effectively announce which roles have MD5
>> passwords.
>
> Do you have a specific concern, or is that more of a general concern?

General.

>> One other thing I noticed is that checks that only emit warnings, like
>> check_for_unicode_update(), require using --retain in order to see the
>> generated report file.
>
> Should we automatically retain files associated with warnings, or copy
> them to a different location?

That seems worth considering. Another option could be to just document
that files generated for warnings will be lost without --retain. WDYT?

--
nathan