Re: sunsetting md5 password support

On 2024-10-09 We 7:11 PM, Heikki Linnakangas wrote:
> On 09/10/2024 22:55, Nathan Bossart wrote:
>> In this message, I propose a multi-year, incremental approach to 
>> remove MD5
>> password support from Postgres.
>
> +1
>
>>   2.  In v19, allow upgrading with MD5 passwords and allow 
>> authenticating
>>       with them, but disallow creating new ones (i.e., restrict/remove
>>       password_encryption and don't allow setting pre-hashed MD5 
>> passwords).
>
> This is a bit weird state. What exactly is "upgrading"? I guess you 
> mean pg_upgrade, but lots of people use pg_dump & restore or logical 
> replication or something else entirely for upgrading. That's 
> indistinguishable from setting a pre-hashed MD5 password.
>
> I think it's bad if you cannot pg_dump & restore your database.


Hmm, yeah. It would be easy enough to prevent MD5 passwords in things 
like CREATE ROLE / ALTER ROLE, but harder to check for MD5 if there are 
direct updates to pg_authid. Maybe we need to teach pg_dumpall a way to 
do that as a workaround?


cheers


andrew


--
Andrew Dunstan
EDB: https://www.enterprisedb.com