Tom Lane wrote: > Magnus Hagander <mag...@hagander.net> writes: >> Patch also changes the default from "prefer" to "disable", per discussion. > > I confess to not having paid attention to this thread for awhile. > I have to violently object to this conclusion --- it is throwing the > baby out with the bathwater. Under the pretense of being "secure by > default" it will in fact make things *less* secure. A minimum > requirement in my view is that existing configurations should continue > to work and be no less secure than before. Having a connection that > was encrypted in 8.3 silently become clear-text after installing 8.4 > is just plain NOT acceptable. > > I think the patch would be fine if we simply keep the default where > it is, however. Is there some point I am missing that compels > selection of a less-secure default?
The current default *makes no sense*. Ever. Not just as a default. However, I can see us having "allow" instead of "disable" as the default. That is the most forgiving of all settings - it will work with whatever you had configured before. //Magnus -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
