On 2024-10-09 We 7:11 PM, Heikki Linnakangas wrote:
On 09/10/2024 22:55, Nathan Bossart wrote:
In this message, I propose a multi-year, incremental approach to
remove MD5
password support from Postgres.
+1
2. In v19, allow upgrading with MD5 passwords and allow
authenticating
with them, but disallow creating new ones (i.e., restrict/remove
password_encryption and don't allow setting pre-hashed MD5
passwords).
This is a bit weird state. What exactly is "upgrading"? I guess you
mean pg_upgrade, but lots of people use pg_dump & restore or logical
replication or something else entirely for upgrading. That's
indistinguishable from setting a pre-hashed MD5 password.
I think it's bad if you cannot pg_dump & restore your database.
Hmm, yeah. It would be easy enough to prevent MD5 passwords in things
like CREATE ROLE / ALTER ROLE, but harder to check for MD5 if there are
direct updates to pg_authid. Maybe we need to teach pg_dumpall a way to
do that as a workaround?
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
