On 14 March 2017 at 15:40, Tom Lane <t...@sss.pgh.pa.us> wrote:

>> I was also thinking about that. Basically a primary method and a
>> fallback. If that were the case, a gradual transition could happen, and
>> if we want \password to enforce best practice it would be ok.
> Why exactly would anyone want "md5 only"?  I should think that "scram
> only" is a sensible pg_hba setting, if the DBA feels that md5 is too
> insecure, but I do not see the point of "md5 only" in 2017.  I think
> we should just start interpreting that as "md5 or better".


As a potential open item, if we treat "md5" as ">= md5"
should we not also treat "password" as ">=password"?

It seems strange that we still support "password" and yet tell
everyonenot to use it.

I'd like PG10 to be the version where I don't have to tell people not
to use certain things, hash indexes, "password" etc.

Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to