| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, masao(dot)fujii(at)gmail(dot)com, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: md5_password_warnings for password auth with MD5-encrypted passwords |
| Date: | 2026-06-26 18:18:55 |
| Message-ID: | aj7Cj59J5gEvaH_0@nathan |
| Lists: | pgsql-hackers |

On Wed, Jun 24, 2026 at 07:43:21AM -0700, Jacob Champion wrote:
> Presumably the verifier was created a while back, though, in the case
> of an upgrade. Personally I think it makes sense to warn whenever the
> MD5 hash is used to authenticate.

I'm fine with expanding the warnings to "password" auth. Something else I
considered is whether we should warn if a role with an MD5 password is
authenticated without using the password. I ultimately decided against
that, but we could expand it there, too.

> No opinion on the patch implementation, though (cc'd Nathan who might?).

TBH I'm not too opinionated here, if for no other reason than all this code
should be getting deleted in the next couple of years.

--
nathan