Re: Add a warning message when using unencrypted passwords
From | Guillaume Lelarge |
---|---|
Subject | Re: Add a warning message when using unencrypted passwords |
Date | |
Msg-id | 1f2cc1ee-e169-49be-87e6-d336d02e6e48@dalibo.com |
In response to | Re: Add a warning message when using unencrypted passwords (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Add a warning message when using unencrypted passwords |
List | pgsql-hackers |

On 04/02/2025 17:59, Tom Lane wrote:
> Guillaume Lelarge <guillaume.lelarge@dalibo.com> writes:
>> v2 is attached.
>
> This seems pretty much entirely useless to me. The password
> has already been leaked to the log (*and* the network, if
> session is unencrypted), so what's the point of a warning?
> And as already noted, this ignores several other hazards of
> the same sort, so it's more likely to create a false sense of
> security than anything else.
>
> (In addition to the points noted, what of event triggers?
> Or ~/.psql_history?)
>

I agree that the warning itself doesn't make the password secure. But it never pretends to do that. If I, as a user, see a message like this, my next move will be to search for a way to change my password in a secure way. Warning users won't save everyone, but it may help some. Doing nothing helps no one.

--
Guillaume Lelarge
Consultant
https://dalibo.com