On Wed, May 3, 2017 at 9:57 PM, Magnus Hagander <mag...@hagander.net> wrote:
> On Wed, May 3, 2017 at 2:25 PM, Michael Paquier <michael.paqu...@gmail.com>
>> On Wed, May 3, 2017 at 8:38 PM, Magnus Hagander <mag...@hagander.net>
>> > On Wed, May 3, 2017 at 1:31 PM, Heikki Linnakangas <hlinn...@iki.fi>
>> > wrote:
>> >> In various threads on SCRAM, we've skirted around the question of
>> >> whether
>> >> we should still allow storing passwords in plaintext. I've avoided
>> >> discussing that in those other threads, because it's been an orthogonal
>> >> question, but it's a good question and we should discuss it.
>> >> So, I propose that we remove support for password_encryption='plain' in
>> >> PostgreSQL 10. If you try to do that, you'll get an error.
>> > Is there any usecase at all for it today?
>> For developers running applications on top of Postgres?
> I don't get it. How does password_encryption=plain help them?
Sanity checks at development stage of web applications to make sure
that the password strength automatically generated by the application
at first login is strong enough. I personally found that helpful for
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: