Re: pg_upgrade: warn about roles with md5 passwords - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: pg_upgrade: warn about roles with md5 passwords
Date
Msg-id aD3ZgHLMu58pAUpy@nathan
In response to Re: pg_upgrade: warn about roles with md5 passwords  (Jeff Davis <pgsql@j-davis.com>)
List pgsql-hackers
On Mon, Jun 02, 2025 at 09:45:55AM -0700, Jeff Davis wrote:
> On Mon, 2025-06-02 at 10:32 -0500, Nathan Bossart wrote:
>> The one thing I don't like about this check is that it's probably not great
>> from a security standpoint to effectively announce which roles have MD5
>> passwords.
> 
> Do you have a specific concern, or is that more of a general concern?

General.

>> One other thing I noticed is that checks that only emit warnings, like
>> check_for_unicode_update(), require using --retain in order to see the
>> generated report file.
> 
> Should we automatically retain files associated with warnings, or copy
> them to a different location?

That seems worth considering.  Another option could be to just document
that files generated for warnings will be lost without --retain.  WDYT?

-- 
nathan


