Greetings, * Magnus Hagander (mag...@hagander.net) wrote: > On Fri, May 22, 2020 at 4:13 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes: > > > We didn't get anywhere with making the default authentication method in > > > a source build anything other than trust. But perhaps we should change > > > the default for password_encryption to nudge people to adopt SCRAM? > > > Right now, passwords are still hashed using MD5 by default, unless you > > > specify scram-sha-256 using initdb -A or similar. > > > > I think what that was waiting on was for client libraries to become > > SCRAM-ready. Do we have an idea of the state of play on that side? > > > > If the summary table on the wiki at > https://wiki.postgresql.org/wiki/List_of_drivers is to be trusted, every > listed driver except Swift does.
Yes, Katz actually went through and worked with folks to make that happen. I'm +1 on moving the default for password_encryption to be scram. Even better would be changing the pg_hba.conf default, but I think we still have concerns about that having problems with the regression tests and the buildfarm. Thanks, Stephen
signature.asc
Description: PGP signature
