On 14 March 2017 at 15:40, Tom Lane <t...@sss.pgh.pa.us> wrote: >> I was also thinking about that. Basically a primary method and a >> fallback. If that were the case, a gradual transition could happen, and >> if we want \password to enforce best practice it would be ok. > > Why exactly would anyone want "md5 only"? I should think that "scram > only" is a sensible pg_hba setting, if the DBA feels that md5 is too > insecure, but I do not see the point of "md5 only" in 2017. I think > we should just start interpreting that as "md5 or better".
+1 As a potential open item, if we treat "md5" as ">= md5" should we not also treat "password" as ">=password"? It seems strange that we still support "password" and yet tell everyonenot to use it. I'd like PG10 to be the version where I don't have to tell people not to use certain things, hash indexes, "password" etc. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
