Greetings,

* Joe Conway (m...@joeconway.com) wrote:
> On 5/23/19 10:30 PM, Stephen Frost wrote:
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> >> "Jonathan S. Katz" <jk...@postgresql.org> writes:
> >> > For now I have left in the password based method to be scram-sha-256 as
> >> > I am optimistic about the support across client drivers[1] (and FWIW I
> >> > have an implementation for crystal-pg ~60% done).
> >> >
> >> > However, this probably means we would need to set the default password
> >> > encryption guc to "scram-sha-256" which we're not ready to do yet, so it
> >> > may be moot to leave it in.
> >> >
> >> > So, thinking out loud about that, we should probably use "md5" and once
> >> > we decide to make the encryption method "scram-sha-256" by default, then
> >> > we update the recommendation?
> >>
> >> Meh. If we're going to break things, let's break them. Set it to
> >> scram by default and let people who need to cope with old clients
> >> change the default. I'm tired of explaining that MD5 isn't actually
> >> insecure in our usage ...
> >
> > +many.
>
> many++
>
> Are we doing this for pg12? In any case, I would think we better loudly
> point out this change somewhere.

Sure, we should point it out, but I don't know that it needs to be screamed from the rooftops considering the packagers have already been largely ignoring our defaults here anyway...

Thanks,

Stephen