On 02/11/2015 02:49 PM, Robert Haas wrote:
> So, this all sounds fairly nice if somebody's willing to do the work, but I can't help noticing that you originally proposed adopting SCRAM in 2012, and it's 2015 now. So I wonder if anyone's really going to do all this work, and if not, whether we should go for something simpler. Just plugging something else in for MD5 would be a lot less work for us to implement and for clients to support, even if it is (as it unarguably is) less elegant.
"Just plugging something else in for MD5" would still be a fair amount of work. Not that much less than the full program I proposed.
Well, I guess it's easier if you immediately stop supporting MD5, have a "flag day" in all clients to implement the replacement, and break pg_dump/restore of passwords in existing databases. That sounds horrible. Let's do this properly. I can help with that, although I don't know if I'll find the time and enthusiasm to do all of it alone.
- Heikki