On 28.02.22 00:17, Jeff Davis wrote:
I also have in mind here that there has been discussion of giving libpq a feature to refuse, on the client side, to send cleartext passwords.I am generally in favor of that idea, but I'm not sure that will completely resolve the issue. For instance, should it also refuse MD5?
Presumably that feature could be more generally "refuse these authentication mechanisms" rather than only one hardcoded one.