public inbox for [email protected]  
help / color / mirror / Atom feed
From: Joshua Brindle <[email protected]>
To: Peter Eisentraut <[email protected]>
Cc: Jonathan S. Katz <[email protected]>
Cc: Stephen Frost <[email protected]>
Cc: Michael Paquier <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Jeff Davis <[email protected]>
Cc: samay sharma <[email protected]>
Cc: [email protected]
Subject: Re: Proposal: Support custom authentication methods using hooks
Date: Thu, 3 Mar 2022 11:12:17 -0500
Message-ID: <CAGB+Vh4UrjYOmEAF7VV+cXgBhA24C+MG1iDX-bRUbhf6T26CyA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>

On Thu, Mar 3, 2022 at 4:45 AM Peter Eisentraut
<[email protected]> wrote:
>
> On 02.03.22 16:45, Jonathan S. Katz wrote:
> > By that argument, we should have kept "password" (plain) as an
> > authentication method.
>
> For comparison, the time between adding md5 and removing password was 16
> years.  It has been 5 years since scram was added.

It's been 7 years since this thread:
https://www.postgresql.org/message-id/[email protected]

As Jonathan and Stephen and others have said, anyone who wishes to
continue using MD5 or other plaintext methods can keep doing that for
5 more years with a supported version of PG. There is no excuse to
leave well known, flawed mechanisms in PG16.






view thread (24+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Proposal: Support custom authentication methods using hooks
  In-Reply-To: <CAGB+Vh4UrjYOmEAF7VV+cXgBhA24C+MG1iDX-bRUbhf6T26CyA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox