The user has no particular reason to care about the fact that the password they just typed ended up in the log. That is a concern for the DBA, not the user, and even if they care about the DBA's feelings, they only get the warning after it's too late to do otherwise.
Can't the same be said about other warnings, esp. md5?
Attached is a rebase of the patch.
I'm a little confused at some of the pushback - this patch is 100% backwards compatible, addresses a specific requested concern by allowing a DBA to disallow clear text passwords, and adds a warning to what is clearly a bad practice that we should be discouraging.
Robert - would you be more inclined to accept this if we kept the three states, but made the default "allow"? That would still allow people to bump it stronger manually, but would have no effect on everyone else. That would give us time to tweak the wording and/or examine other approaches. Although any other approaches would still leave the need to do something with passwords via ALTER USER / CREATE USER in the interim.
Cheers,
Greg
--
Enterprise Postgres Software Products & Tech Support