On Wed, Mar 19, 2025 at 9:24 AM Greg Sabino Mullane <htamf...@gmail.com> wrote:
>> The user has no particular reason to care about the fact that the password 
>> they just typed ended up in the log. That is a concern for
>> the DBA, not the user, and even if they care about the DBA's feelings, they 
>> only get the warning after it's too late to do otherwise.
>
> Can't the same be said about other warnings, esp. md5?

Absolutely. Warnings are sometimes the right thing, but they often
suck. If something is really a bad idea, "ERROR: bad idea" is vastly
superior to "WARNING: what you just already did was a bad idea". If we
don't actually know for sure that it's a bad idea, then it's generally
better not to emit a warning at all, for fear of log-spamming people
who know what they're doing.

> Robert - would you be more inclined to accept this if we kept the three 
> states, but made the default "allow"? That would still allow people to bump 
> it stronger manually, but would have no effect on everyone else. That would 
> give us time to tweak the wording and/or examine other approaches. Although 
> any other approaches would still leave the need to do something with 
> passwords via ALTER USER / CREATE USER in the interim.

I mean, I do think that is probably a better idea, but I personally
have zero intention of committing this patch regardless. I have seen a
lot of problems in this area working at EDB and my educated guess is
that this solves 0% of them. Now, if enough other people show up to
say "but this would solve 100% of my problems," well then fair enough.
But I think it's entirely reasonable for me to look at the combination
of "this is a class of problem that affects me" and "this proposed
solution would not help me" and be skeptical. I think you'd feel the
same if the situation were reversed. If I came along and proposed some
solution to a PG problem and you agreed that the problem was a problem
but my proposed solution seemed useless, I assume you'd also -1 that
patch.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

