Re: PATCH: warn about, and deprecate, clear text passwords - Mailing list pgsql-hackers

From Tom Lane
Subject Re: PATCH: warn about, and deprecate, clear text passwords
Date
Msg-id 4061037.1741027647@sss.pgh.pa.us
In response to Re: PATCH: warn about, and deprecate, clear text passwords  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: PATCH: warn about, and deprecate, clear text passwords
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> I wonder if we could drum up some support for not including any
> version of the password (even encrypted) in the query string. For
> instance, let's say that to change your password you have to use the
> new CHANGE PASSWORD command which can only be used at top level (not
> inside PL code or whatever) and always takes a single parameter that
> must be supplied via the extended query protocol.

How would pg_dumpall cope with transferring passwords then?

I could see insisting that plain-text passwords be supplied only
that way.  But removing the ability to have encrypted passwords
in-line seems like a serious operational problem with little benefit.

            regards, tom lane
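
To illustrate the "encrypted passwords in-line" case discussed above, here is an added example (not part of the original message and not PostgreSQL's own code): a client computes the SCRAM-SHA-256 verifier locally, so only the verifier, never the cleartext, appears in the statement text and hence in any statement log. The function names, the role name and the sample password are hypothetical; ASCII passwords are assumed (no SASLprep step).

```python
import base64
import hashlib
import hmac
import os


def scram_sha256_verifier(password, salt=None, iterations=4096):
    """Build a verifier in the layout PostgreSQL stores for SCRAM-SHA-256:
    SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>
    Assumption: ASCII password; non-ASCII input needs SASLprep first."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()

    def b64(raw):
        return base64.b64encode(raw).decode("ascii")

    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def check_password(verifier, password):
    """Recompute the verifier with its own salt and iteration count, then compare."""
    scheme, _, rest = verifier.partition("$")
    if scheme != "SCRAM-SHA-256" or "$" not in rest:
        return False
    params, _, _keys = rest.partition("$")
    iterations, _, salt_b64 = params.partition(":")
    candidate = scram_sha256_verifier(password, base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, verifier)


def alter_role_statement(role, verifier):
    """SQL text that carries only the verifier in-line, never the cleartext."""
    quoted_role = '"' + role.replace('"', '""') + '"'
    quoted_verifier = "'" + verifier.replace("'", "''") + "'"
    return f"ALTER ROLE {quoted_role} PASSWORD {quoted_verifier};"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    v = scram_sha256_verifier("correct horse")
    print(alter_role_statement("app_user", v))
```

A dump that transfers roles can carry a string of this form as-is, which is the operational path the reply is concerned about keeping.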