On 03/17/2017 02:01 PM, Robert Haas wrote:
> On Thu, Mar 16, 2017 at 11:38 PM, Michael Paquier
> <michael.paquier@gmail.com> wrote:
>> At least this has the merit of making \password simpler from psql
>> without a kind of --method option: if the backend is 9.6 or older,
>> just generate a MD5-hash, and SCRAM-hash for newer versions.
>> PQencryptPassword still needs to be extended so as it accepts a hash
>> method though.
>
> What if the user doesn't want to switch to SCRAM because they also use
> some connector that hasn't been updated to support it?
>
> I bet there will be a lot of people in that situation.
You could use the less secure server-side ALTER USER to set the password
in that case. Or use an older client. But I agree, it's a bit weird if
we don't allow the user to generate an MD5 hash, if he insists. I think
we still need a 'method' option to \password.
It would make sense to have \password obey password_encryption GUC. Then
\password and ALTER USER would do the same thing, which would be less
surprising. Although it's also a bit weird for a GUC to affect
client-side behavior, so perhaps better to just document that \password
will create a SCRAM verifier, unless you explicitly tell it to create an
MD5 hash, and add a 'method' parameter to it.
- Heikki
