Home > mailing lists

Re: sunsetting md5 password support - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: sunsetting md5 password support
Date	October 11, 2024 00:03:37
Msg-id	ZwhBKeNztHPj0Rzg@momjian.us Whole thread Raw
In response to	Re: sunsetting md5 password support (Jelte Fennema-Nio <postgres@jeltef.nl>)
Responses	Re: sunsetting md5 password support
List	pgsql-hackers

Tree view

On Wed, Oct  9, 2024 at 10:30:15PM +0200, Jelte Fennema-Nio wrote:
> On Wed, 9 Oct 2024 at 21:55, Nathan Bossart <nathandbossart@gmail.com> wrote:
> > In this message, I propose a multi-year, incremental approach to remove MD5
> > password support from Postgres.
> 
> +many for the general idea
> 
> I think it makes sense to also remove the "password" authentication
> option while we're at it (this can currently be used with SCRAM stored
> passwords).

I remember "password" as being recommended for SSL connections where
there is no risk of the password contents being seen.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  When a patient asks the doctor, "Am I going to die?", he means 
  "Am I going to die soon?"

pgsql-hackers by date:

From: "David E. Wheeler"
Date: 10 October 2024, 23:35:42
Subject: Re: RFC: Additional Directory for Extensions

From: Tom Lane
Date: 11 October 2024, 00:04:46
Subject: Re: Converting tab-complete.c's else-if chain to a switch

Re: sunsetting md5 password support - Mailing list pgsql-hackers

Previous

Next