On Fri, Mar 14, 2025 at 12:50 PM Greg Sabino Mullane <htamfids@gmail.com> wrote:
I'd rather not sit on this another year, if we can help it. We really should be warning people about this practice. The exact wording of the hint can be up for debate (or postponed - we technically don't have to say anything other than 'bad idea').
Having the ability to disable clear text passwords seems an immediate win for those that want to enable it. Sure, we could be doing more, but I don't see any of the proposed future changes interfering with this patch.
I agree. This is a clear win that can easily be turned on by packagers/distributors with little consequence to everyone else.
My only suggestion would be to have the GUC name be closer to other password-related settings. Looking at the sample file I see
    password_encryption
    md5_password_warnings
So perhaps something like password_cleartext_action would fit in a little better and make it easier to spot while going through the file.