On Tue, May 2, 2017 at 3:42 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > There's going to be a default, one way or another. The default is going to > come from password_encryption, or it's going to be a hard-coded value or > logic based on server-version in PQencryptPasswordConn(). Or it's going to > be a hard-coded value or logic implemented in every application that uses > PQencryptPasswordConn(). I think looking at password_encryption makes the > most sense. The application is not in a good position to make the decision, > and forcing the end-user to choose every time they change a password is too > onerous.
I think there should be no default, and the caller should have to pass the algorithm explicitly. If they want to determine what default to pass by running 'SHOW password_encryption', that's their choice. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers