On Fri, 24 May 2019 at 07:48, Joe Conway <m...@joeconway.com> wrote: > On 5/23/19 10:30 PM, Stephen Frost wrote: > > Greetings, > > > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > >> "Jonathan S. Katz" <jk...@postgresql.org> writes: > >> > For now I have left in the password based method to be scram-sha-256 > as > >> > I am optimistic about the support across client drivers[1] (and FWIW I > >> > have an implementation for crystal-pg ~60% done). > >> > >> > However, this probably means we would need to set the default password > >> > encryption guc to "scram-sha-256" which we're not ready to do yet, so > it > >> > may be moot to leave it in. > >> > >> > So, thinking out loud about that, we should probably use "md5" and > once > >> > we decide to make the encryption method "scram-sha-256" by default, > then > >> > we update the recommendation? > >> > >> Meh. If we're going to break things, let's break them. Set it to > >> scram by default and let people who need to cope with old clients > >> change the default. I'm tired of explaining that MD5 isn't actually > >> insecure in our usage ... > > > > +many. > > many++ > > Are we doing this for pg12? In any case, I would think we better loudly > point out this change somewhere. > > +many as well given the presumption that we are going to break existing behaviour
Dave
