On Mon, Jun 11, 2018 at 4:49 PM, Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote:

> On 6/6/18 18:04, Michael Paquier wrote:
> > On Wed, Jun 06, 2018 at 11:53:06PM +0300, Heikki Linnakangas wrote:
> >> That would certainly be good. We've always had that problem, even with
> >> md5 -> plaintext password downgrade, and it would be nice to fix it. It's
> >> quite late in the release cycle already, do you think we should address
> >> that now? I could go either way..
> >
> > I would be inclined to treat that as new development as this is no new
> > problem.
>
> I agree.

Agreed as well.

I'm wondering if that means we should then also not do it specifically for scram in this version. Otherwise we're likely to end up with a parameter that only has a "lifetime" of one version, and that seems like a bad idea. If nothing else we should clearly think out what the path is to make sure that doesn't happen. (e.g. we don't want a scram_channel_binding_mode=require in this version, if the next one is going to replace it with something like Heikki's suggested allowed_authentication_methods=SCRAM-SHA-256-PLUS or whatever we end up coming up with there).

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
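
The downgrade discussed in this thread, and how a client-side allow-list in the spirit of the `allowed_authentication_methods` idea would refuse it, as an added example that is not part of the original message and is not PostgreSQL or libpq code. The `allowed` list, the function names and the `password`/`md5` labels are assumptions of this sketch, and the message bytes are constructed; only the AuthenticationRequest layout and sub-codes come from the PostgreSQL v3 wire protocol.

```python
import struct

# AuthenticationRequest sub-codes from the PostgreSQL v3 wire protocol.
AUTH_CLEARTEXT, AUTH_MD5, AUTH_SASL = 3, 5, 10
LEGACY = {AUTH_CLEARTEXT: "password", AUTH_MD5: "md5"}  # labels chosen for this example

class DowngradeRefused(Exception):
    """The server asked for a method the client policy does not allow."""

def build_auth_request(code, body=b""):
    """Construct a sample 'R' message (test data only)."""
    return b"R" + struct.pack("!II", 8 + len(body), code) + body

def offered_methods(msg):
    """Parse an AuthenticationRequest and list the methods it asks for."""
    if len(msg) < 9 or msg[:1] != b"R":
        raise ValueError("not an AuthenticationRequest")
    length, code = struct.unpack("!II", msg[1:9])
    if length + 1 != len(msg):  # length counts itself but not the type byte
        raise ValueError("length field does not match message size")
    if code in LEGACY:
        return [LEGACY[code]]
    if code == AUTH_SASL:
        body = msg[9:]
        # Mechanism names are NUL-terminated; an empty name ends the list.
        if not body.endswith(b"\x00\x00"):
            raise ValueError("unterminated SASL mechanism list")
        return [m.decode("ascii") for m in body[:-2].split(b"\x00")]
    return ["auth-code-%d" % code]

def choose_method(msg, allowed):
    """Pick the client's most preferred allowed method, or refuse."""
    offered = offered_methods(msg)
    for method in allowed:  # hypothetical allow-list, in preference order
        if method in offered:
            return method
    raise DowngradeRefused("server offered %s, policy allows %s" % (offered, allowed))

# Constructed sample messages.
SASL_BOTH = build_auth_request(AUTH_SASL, b"SCRAM-SHA-256-PLUS\x00SCRAM-SHA-256\x00\x00")
SASL_NO_PLUS = build_auth_request(AUTH_SASL, b"SCRAM-SHA-256\x00\x00")
MD5_REQUEST = build_auth_request(AUTH_MD5, b"\x01\x02\x03\x04")
PLAIN_REQUEST = build_auth_request(AUTH_CLEARTEXT)
```

With `allowed = ["SCRAM-SHA-256-PLUS"]`, only `SASL_BOTH` is accepted; a policy that lists a single method generalizes a channel-binding-only switch, which is the overlap the message is concerned about.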