Hi, On 2019-04-08 13:34:12 -0400, Alvaro Herrera wrote: > I'm not sure I understand all this talk about deferring changing the > default to pg13. AFAICS only a few fringe drivers are missing support; > not changing in pg12 means we're going to leave *all* users, even those > whose clients have support, without the additional security for 18 more > months.
Imo making such changes after feature freeze is somewhat poor form. These arguments would have made a ton more sense at the *beginning* of the v12 development cycle, because that'd have given all these driver authors a lot more heads up. > IIUC the vast majority of clients already support SCRAM auth. So the > vast majority of PG users can take advantage of the additional security. > I think the only massive-adoption exception is JDBC, and apparently they > already have working patches for SCRAM. If jdbc didn't support scram, it'd be an absolutely clear no-go imo. A pretty large fraction of users use jdbc to access postgres. But it seems to me that support has been merged for a while: https://github.com/pgjdbc/pgjdbc/pull/1014 Greetings, Andres Freund
