Joe Conway <mail@joeconway.com> writes:
> The attached patch set moves the guts of \password from psql into the
> libpq client side -- PQchangePassword() (patch 0001).
Haven't really read the patch, just looked at the docs, but here's a bit of bikeshedding:
* This seems way too eager to promote the use of md5. Surely the default ought to be SCRAM, full stop. I question whether we even need an algorithm parameter. Perhaps it's a good idea for future-proofing, but we could also plan that the function would make its own decisions based on noting the server's version. (libpq is far more likely to be au courant about what to do than the calling application, IMO.)
Using the server version has some issues. It's quite possible to encrypt a user password with md5 when the server version is scram. So if you change the encryption then pg_hba.conf would have to be updated to allow the user to log back in.