On 5/23/19 10:30 PM, Stephen Frost wrote: > Greetings, > > * Tom Lane (tgl@sss.pgh.pa.us) wrote: >> "Jonathan S. Katz" <jkatz@postgresql.org> writes: >> > For now I have left in the password based method to be scram-sha-256 as >> > I am optimistic about the support across client drivers[1] (and FWIW I >> > have an implementation for crystal-pg ~60% done). >> >> > However, this probably means we would need to set the default password >> > encryption guc to "scram-sha-256" which we're not ready to do yet, so it >> > may be moot to leave it in. >> >> > So, thinking out loud about that, we should probably use "md5" and once >> > we decide to make the encryption method "scram-sha-256" by default, then >> > we update the recommendation? >> >> Meh. If we're going to break things, let's break them. Set it to >> scram by default and let people who need to cope with old clients >> change the default. I'm tired of explaining that MD5 isn't actually >> insecure in our usage ... > > +many.
many++
Are we doing this for pg12? In any case, I would think we better loudly point out this change somewhere.
+many as well given the presumption that we are going to break existing behaviour