On Sun, Dec 24, 2023 at 12:06 PM Jonathan S. Katz <jk...@postgresql.org> wrote: > We're likely to have new algorithms in the future, as there is a draft > RFC for updating the SCRAM hashes, and already some regulatory bodies > are looking to deprecate SHA256. My concern with relying on the > "encrypted_password" GUC (which is why PQencryptPasswordConn takes > "conn") makes it any easier for users to choose the algorithm, or if > they need to rely on the server/session setting.
Yeah, I agree. It doesn't make much sense to me to propose that a GUC, which is a server-side setting, should control client-side behavior. Also, +1 for the general idea. I don't think this is a whole answer to the problem of passwords appearing in log files because (1) you have to be using libpq in order to make use of this and (2) you have to actually use it instead of just doing something else and complaining about the problem. But neither of those things is a reason not to have it. There's no reason why a sophisticated user who goes through libpq shouldn't have an easy way to do this instead of being asked to reimplement it if they want the functionality. -- Robert Haas EDB: http://www.enterprisedb.com
