On Wed, May 3, 2017 at 8:38 PM, Magnus Hagander <mag...@hagander.net> wrote: > On Wed, May 3, 2017 at 1:31 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote: >> In various threads on SCRAM, we've skirted around the question of whether >> we should still allow storing passwords in plaintext. I've avoided >> discussing that in those other threads, because it's been an orthogonal >> question, but it's a good question and we should discuss it. >> >> So, I propose that we remove support for password_encryption='plain' in >> PostgreSQL 10. If you try to do that, you'll get an error. > > Is there any usecase at all for it today?
For developers running applications on top of Postgres? >> Another question that's been touched upon but not explicitly discussed, is >> whether we should change the default to "scram-sha-256". I propose that we >> do that as well. If you need to stick to md5, e.g. because you use drivers >> that don't support SCRAM yet, you can change it in postgresql.conf, but the >> majority of installations that use modern clients will be more secure by >> default. > > Much as that's going to cause issues for some people, I think it's worth > doing. We should probably put something specific in the release notes > mentioning the error message you get in libpq, and possibly some of the > other most common drivers. My original view on the matter was, and is still, to wait for one or two releases before switching the default to scram. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
