On Wed, 3 Jan 2024 at 08:53, Robert Haas <robertmh...@gmail.com> wrote:
> On Sun, Dec 24, 2023 at 12:06 PM Jonathan S. Katz <jk...@postgresql.org>
> wrote:
> > We're likely to have new algorithms in the future, as there is a draft
> > RFC for updating the SCRAM hashes, and already some regulatory bodies
> > are looking to deprecate SHA256. My concern with relying on the
> > "encrypted_password" GUC (which is why PQencryptPasswordConn takes
> > "conn") makes it any easier for users to choose the algorithm, or if
> > they need to rely on the server/session setting.
>
> Yeah, I agree. It doesn't make much sense to me to propose that a GUC,
> which is a server-side setting, should control client-side behavior.
>
> Also, +1 for the general idea. I don't think this is a whole answer to
> the problem of passwords appearing in log files because (1) you have
> to be using libpq in order to make use of this

JDBC has it as of yesterday. I would imagine other clients will implement it.

Dave Cramer