Re: [HACKERS] password_encryption, default and 'plain' support
From | Michael Paquier |
---|---|
Subject | Re: [HACKERS] password_encryption, default and 'plain' support |
Date | |
Msg-id | CAB7nPqSQXeOoDMGoCFxDL5mJfD9O7TfCYtdrN=9hKBdMXJU9jQ@mail.gmail.com |
In reply to | Re: [HACKERS] password_encryption, default and 'plain' support (Magnus Hagander <magnus@hagander.net>) |
List | pgsql-hackers |

On Wed, May 3, 2017 at 9:57 PM, Magnus Hagander <magnus@hagander.net> wrote:
>
> On Wed, May 3, 2017 at 2:25 PM, Michael Paquier <michael.paquier@gmail.com>
> wrote:
>>
>> On Wed, May 3, 2017 at 8:38 PM, Magnus Hagander <magnus@hagander.net>
>> wrote:
>> > On Wed, May 3, 2017 at 1:31 PM, Heikki Linnakangas <hlinnaka@iki.fi>
>> > wrote:
>> >> In various threads on SCRAM, we've skirted around the question of
>> >> whether we should still allow storing passwords in plaintext. I've
>> >> avoided discussing that in those other threads, because it's been an
>> >> orthogonal question, but it's a good question and we should discuss it.
>> >>
>> >> So, I propose that we remove support for password_encryption='plain' in
>> >> PostgreSQL 10. If you try to do that, you'll get an error.
>> >
>> > Is there any usecase at all for it today?
>>
>> For developers running applications on top of Postgres?
>
> I don't get it. How does password_encryption=plain help them?

Sanity checks at development stage of web applications to make sure
that the password strength automatically generated by the application
at first login is strong enough. I personally found that helpful for
this purpose.

--
Michael