Re: [HACKERS] scram and \password
| От | Joe Conway |
|---|---|
| Тема | Re: [HACKERS] scram and \password |
| Дата | |
| Msg-id | e794673a-c7ef-3dbc-1fd2-451660ced99a@joeconway.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] scram and \password (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On 03/14/2017 08:40 AM, Tom Lane wrote: > Joe Conway <mail@joeconway.com> writes: >> On 03/14/2017 03:15 AM, Heikki Linnakangas wrote: >>> It would be a lot more sensible, if there was a way to specify in >>> pg_hba.conf, "scram-or-md5". We punted on that for PostgreSQL 10, but >>> perhaps we should try to cram that in, after all. > >> I was also thinking about that. Basically a primary method and a >> fallback. If that were the case, a gradual transition could happen, and >> if we want \password to enforce best practice it would be ok. > > Why exactly would anyone want "md5 only"? I should think that "scram > only" is a sensible pg_hba setting, if the DBA feels that md5 is too > insecure, but I do not see the point of "md5 only" in 2017. I think > we should just start interpreting that as "md5 or better". That certainly would work for me. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
В списке pgsql-hackers по дате отправления: