Re: change password_encryption default to scram-sha-256?
| От | Dave Cramer |
|---|---|
| Тема | Re: change password_encryption default to scram-sha-256? |
| Дата | |
| Msg-id | CADK3HHKUyuOYCSY7WAmqLJz4m37qcuyu9CTAr1a782+RbYvLJA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: change password_encryption default to scram-sha-256? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: change password_encryption default to scram-sha-256?
|
| Список | pgsql-hackers |
On Mon, 8 Apr 2019 at 16:38, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Dave Cramer <pg@fastcrypt.com> writes:
>> If someone installs a postgres RPM/DEB from postgresql.org, they could
>> also install postgresql-jdbc, right ?
> I would guess there might be some distro specific java apps that might
> actually use what is on the machine but as mentioned any reasonably complex
> Java app is going to ensure it has the correct versions for their app using
> Maven.
I'm not really sure if that makes things better or worse. If some app
thinks that it needs version N of the driver, but SCRAM support was
added in version N-plus-something, how tough is it going to be to get
it updated? And are you going to have to go through that dance for
each app separately?
I see the problem you are contemplating, but even installing a newer version of the driver has it's perils (we have been known to break some expectations in the name of the spec).
So I could see a situation where there is a legacy app that wants to use SCRAM. They update the JDBC jar on the system and due to the "new and improved" version their app breaks.
Honestly I don't have a solution to this.
That said 42.2.0 was released in January 2018, so by PG13 it's going to be 4 years old.
Dave
В списке pgsql-hackers по дате отправления: