On 5/24/19 8:13 AM, Stephen Frost wrote: > Greetings, > > * Joe Conway (m...@joeconway.com) wrote: >> On 5/23/19 10:30 PM, Stephen Frost wrote: >> > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> >> "Jonathan S. Katz" <jk...@postgresql.org> writes: >> >> > For now I have left in the password based method to be scram-sha-256 as >> >> > I am optimistic about the support across client drivers[1] (and FWIW I >> >> > have an implementation for crystal-pg ~60% done). >> >> >> >> > However, this probably means we would need to set the default password >> >> > encryption guc to "scram-sha-256" which we're not ready to do yet, so it >> >> > may be moot to leave it in. >> >> >> >> > So, thinking out loud about that, we should probably use "md5" and once >> >> > we decide to make the encryption method "scram-sha-256" by default, then >> >> > we update the recommendation? >> >> >> >> Meh. If we're going to break things, let's break them. Set it to >> >> scram by default and let people who need to cope with old clients >> >> change the default. I'm tired of explaining that MD5 isn't actually >> >> insecure in our usage ... >> > >> > +many. >> >> many++ >> >> Are we doing this for pg12? In any case, I would think we better loudly >> point out this change somewhere. > > Sure, we should point it out, but I don't know that it needs to be > screamed from the rooftops considering the packagers have already been > largely ignoring our defaults here anyway...
Yeah, I thought about that, but anyone not using those packages will be in for a big surprise. Don't get me wrong, I wholeheartedly endorse the change, but I predict many related questions on the lists, and anything we can do to mitigate that should be done. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
