Re: Add a warning message when using unencrypted passwords - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: Add a warning message when using unencrypted passwords
Date
Msg-id Z1jK17QlPoAmxQMd@nathan
Whole thread Raw
List pgsql-hackers
On Sat, Dec 07, 2024 at 03:39:55PM +0100, Guillaume Lelarge wrote:
> I thought about it, and tried to write a patch. I've mostly copied the
> "Deprecate MD5 passwords" patch/commit from Nathan Bossart. My patch works
> on current HEAD. Documentation and tests are dealt with.

I've been thinking about this one for a couple of days, and I'm finding
myself leaning -1.  I certainly didn't intend for the MD5 password
deprecation warnings to set a precedent of warning for every potentially
undesired behavior, and given that there's no plan to remove the ability to
specify a clear-text password in queries, I worry that this will generate
far more noise than is warranted.  I also worry that users may misinterpret
the warning as saying that the clear-text password is stored in the
catalogs.

I know the topic of "password leakage" comes up a lot (e.g., [0]).  It'd be
good to find a path forward for that, but IMHO it will require more than
warnings.

[0] https://postgr.es/m/b75955f7-e8cc-4bbd-817f-ef536bacbe93%40joeconway.com

-- 
nathan



pgsql-hackers by date:

Previous
From: Nathan Bossart
Date:
Subject: Re: Fix early elog(FATAL)
Next
From: Jeff Davis
Date:
Subject: Re: [18] Fix a few issues with the collation cache