On Mon, 3 Mar 2025 at 12:07, Greg Sabino Mullane <htamf...@gmail.com> wrote:
> On Mon, Mar 3, 2025 at 11:33 AM Nathan Bossart <nathandboss...@gmail.com> wrote:
>
>> I think it would be good to hear some other opinions on whether we should
>> consider sending clear-text passwords to the server as either 1) fully
>> supported, 2) deprecated but with no intent to remove anytime soon, or 3)
>> deprecated with the intent of removal at some point in the next several
>> years. I personally am -1 on the warning unless we have a consensus on
>> (3), but I'm +1 on adding a way to enforce "pre-encryption" regardless.
>
> That's more than fair. And "deprecation" doesn't need to mean that's the
> next step in the process. So warn -> deny by default (but allow if you work
> at it) -> remove completely. Which is very similar to our md5 path, I
> suppose. I'm certainly happy staying at that middle stage for an indefinite
> amount of time for both of those, as it means that Postgres is both "secure
> by default" but backwards compatible.

It's too bad we didn't have this discussion a few years ago. We could have
decided that SCRAM authentication doesn't allow sending cleartext passwords
and then relied on the phase-out of MD5 passwords to phase out sending of
cleartext passwords.