On Mon, Apr 08, 2019 at 02:28:30PM -0400, Tom Lane wrote:
>On Mon, Apr 08, 2019 at 10:41:07AM -0700, Andres Freund wrote:
>> If jdbc didn't support scram, it'd be an absolutely clear no-go imo. A
>> pretty large fraction of users use jdbc to access postgres. But it seems
>> to me that support has been merged for a while:
>> https://github.com/pgjdbc/pgjdbc/pull/1014
>
> "Merged to upstream" is a whole lot different from "readily available in
> the field". What's the actual status in common Linux distros, for
> example?

I found:
https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1

Version 42.2.0 (2018-01-17)
Added
Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+) using the Ongres SCRAM library. PR 842

I see that's in ubuntu, but not any LTS release:
https://packages.ubuntu.com/search?keywords=libpostgresql-jdbc-java

And in Debian testing, but no released version:
https://packages.debian.org/search?keywords=libpostgresql-jdbc-java

For centos6/7, OS packages would not have scram support:

$ yum list --showdupl postgresql-jdbc
Available Packages
postgresql-jdbc.noarch 9.2.1002-6.el7_5 base
postgresql-jdbc.noarch 42.2.5-1.rhel7.1 pgdg11

$ yum list --showdupl postgresql-jdbc
Available Packages
postgresql-jdbc.noarch 8.4.704-2.el6 base
postgresql-jdbc.noarch 42.2.5-1.rhel6.1 pgdg11

> The scenario that worries me here is somebody using a bleeding-edge PGDG
> server package in an environment where the rest of the Postgres ecosystem
> is much less bleeding-edge.

If someone installs a postgres RPM/DEB from postgresql.org, they could also
install postgresql-jdbc, right? I realize that doesn't mean that people will
consistently know to and actually do that.

If the default were changed, possibly the PGDG package could define something
like (I haven't done packaging in a long time):
Conflicts: postgresql-jdbc<42.2.0

On Mon, Apr 08, 2019 at 03:18:42PM -0400, Jonathan S. Katz wrote:
> Well, if it's RHEL7, it's PostgreSQL 9.2 so, unless they're using our
> RPM, that definitely does not have it :)