Re: PATCH: warn about, and deprecate, clear text passwords
| От | Bruce Momjian |
|---|---|
| Тема | Re: PATCH: warn about, and deprecate, clear text passwords |
| Дата | |
| Msg-id | Z9rMV0pGwCtOQI4E@momjian.us обсуждение исходный текст |
| Ответ на | Re: PATCH: warn about, and deprecate, clear text passwords (Greg Sabino Mullane <htamfids@gmail.com>) |
| Список | pgsql-hackers |
On Wed, Mar 19, 2025 at 09:24:19AM -0400, Greg Sabino Mullane wrote: > I'm a little confused at some of the pushback - this patch is 100% backwards > compatible, addresses a specific requested concern by allowing a DBA to > disallow clear text passwords, and adds a warning to what is clearly a bad > practice that we should be discouraging. > > Robert - would you be more inclined to accept this if we kept the three states, > but made the default "allow"? That would still allow people to bump it stronger > manually, but would have no effect on everyone else. That would give us time to > tweak the wording and/or examine other approaches. Although any other > approaches would still leave the need to do something with passwords via ALTER > USER / CREATE USER in the interim. You are getting pushback because this complex user change is still being debated in mid-March, when the feature freeze is only a few weeks away. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.
В списке pgsql-hackers по дате отправления: