On Sat, Dec 07, 2024 at 03:39:55PM +0100, Guillaume Lelarge wrote:
> I thought about it, and tried to write a patch. I've mostly copied the
> "Deprecate MD5 passwords" patch/commit from Nathan Bossart. My patch works
> on current HEAD. Documentation and tests are dealt with.
I've been thinking about this one for a couple of days, and I'm finding
myself leaning -1. I certainly didn't intend for the MD5 password
deprecation warnings to set a precedent of warning for every potentially
undesired behavior, and given that there's no plan to remove the ability to
specify a clear-text password in queries, I worry that this will generate
far more noise than is warranted. I also worry that users may misinterpret
the warning as saying that the clear-text password is stored in the
catalogs.
I know the topic of "password leakage" comes up a lot (e.g., [0]). It'd be
good to find a path forward for that, but IMHO it will require more than
warnings.
[0] https://postgr.es/m/b75955f7-e8cc-4bbd-817f-ef536bacbe93%40joeconway.com
--
nathan
