On Wed, May 3, 2017 at 5:52 PM, Robert Haas <robertmh...@gmail.com> wrote:
> On Wed, May 3, 2017 at 7:31 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote:
> > In various threads on SCRAM, we've skirted around the question of whether we
> > should still allow storing passwords in plaintext. I've avoided discussing
> > that in those other threads, because it's been an orthogonal question, but
> > it's a good question and we should discuss it.
> >
> > So, I propose that we remove support for password_encryption='plain' in
> > PostgreSQL 10. If you try to do that, you'll get an error.
>
> I have no idea how widely used that option is.
>
> > Another question that's been touched upon but not explicitly discussed, is
> > whether we should change the default to "scram-sha-256". I propose that we
> > do that as well. If you need to stick to md5, e.g. because you use drivers
> > that don't support SCRAM yet, you can change it in postgresql.conf, but the
> > majority of installations that use modern clients will be more secure by
> > default.
>
> I think that we should investigate how many connectors have support
> for SCRAM or are likely to do so by the time v10 is released. A *lot*
> of people are using connectors that are not based on libpq, especially
> JDBC but I think many of the others as well. If most of those are
> going to support SCRAM by the time v10 comes out, cool, but if not,
> maybe it's wise to hold off for a release before flipping the default.
> Not sure.

From the traffic on the list it sounds like the JDBC people are working on it already -- hopefully they will have something in time. It might make sense to ping other "major drivers" people as well -- such as maybe npgsql. What else?

A good approach might be to change the default now, before beta. Then if drivers don't change, or if we get a lot of pushback from beta testers, we change it back before release. But if we don't change it, we will not know how big the impact would be...
--
 Magnus Hagander
 Me: https://www.hagander.net/
 Work: https://www.redpill-linpro.com/
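An added example, not part of the thread above: an audit query a DBA could run before the default is flipped, to see which login roles still carry a plaintext or md5 verifier in pg_authid and would only move to SCRAM once their password is set again. It assumes superuser access and the verifier prefixes PostgreSQL 10 uses for md5 and SCRAM-SHA-256.

```sql
-- Audit of stored password verifiers, run as a superuser on PostgreSQL 10.
-- pg_authid.rolpassword holds the verifier in whatever form password_encryption
-- selected at the time the password was set:
--   'SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>'  -> scram-sha-256
--   'md5' followed by 32 hex digits                               -> md5
--   anything else                                                 -> plaintext
SELECT rolname,
       CASE
         WHEN rolpassword IS NULL                 THEN 'none'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
         WHEN rolpassword ~ '^md5[0-9a-f]{32}$'   THEN 'md5'
         ELSE 'plain'
       END AS stored_as,
       rolvaliduntil
FROM pg_authid
WHERE rolcanlogin
ORDER BY stored_as, rolname;

-- Roles reported as 'plain' or 'md5' keep that verifier until their password
-- is set again. With password_encryption = 'scram-sha-256' in postgresql.conf,
-- a later ALTER ROLE ... PASSWORD stores a SCRAM verifier, which the client's
-- driver must then be able to authenticate against.
SHOW password_encryption;
```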