
Re: Automatic upgrade of passwords from md5 to scram-sha256

On Sun, Jan 12, 2025 at 05:59:20PM -0500, Tom Lane wrote:
> > If the password for the user is stored as an MD5 hash, the server
> > replies to the startup message with an AuthenticationCleartextPassword
> > response to force the client to send the password in the clear
> > (obviously you only want to do that if the connection is TLS-encrypted
> > or otherwise safe from eavesdropping).
> 
> I think this idea is a nonstarter, TLS or not.  We're generally moving
> in the direction of never letting the server see cleartext passwords.
> It's already possible to configure libpq to refuse such requests
> (see require_auth parameter), although that hasn't been made the
> default.

Agreed.  I think weakening the MD5 handshake to switch to a more secure
hash algorithm is unwise.

-- 
  Bruce Momjian  <bruce@xxxxxxxxxx>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.
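A defender-side check for the migration the thread is about, added here as an example and not code from the thread or from PostgreSQL itself: it classifies `pg_authid.rolpassword` verifiers (which roles still hold an MD5 hash and therefore need a password reset, since an MD5 hash cannot be turned into a SCRAM verifier without the cleartext) and builds a libpq DSN that uses `require_auth` so the client refuses a cleartext-password request instead of answering it. The sample rows and role names are constructed.

```python
# Added example: inventory MD5 vs SCRAM-SHA-256 verifiers and build a DSN
# that refuses cleartext password exchanges. Sample rows are constructed,
# not real pg_authid contents.
import base64
import binascii
import re

MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$"
)


def classify_verifier(rolpassword):
    """Return 'md5', 'scram-sha-256', 'none' or 'unknown' for a rolpassword value."""
    if rolpassword is None:
        return "none"
    if MD5_RE.match(rolpassword):
        return "md5"
    m = SCRAM_RE.match(rolpassword)
    if m:
        try:
            stored = base64.b64decode(m.group(3))
            server = base64.b64decode(m.group(4))
        except binascii.Error:
            return "unknown"
        # A SCRAM-SHA-256 verifier holds two 32-byte SHA-256 digests
        if int(m.group(1)) >= 1 and len(stored) == 32 and len(server) == 32:
            return "scram-sha-256"
    return "unknown"


def roles_needing_reset(rows):
    """Roles whose verifier is MD5: they need a new password to obtain a SCRAM verifier."""
    return sorted(name for name, pw in rows if classify_verifier(pw) == "md5")


def scram_only_dsn(host, dbname, user):
    """libpq DSN (libpq 16+) that errors out if the server asks for anything but SCRAM."""
    return (f"host={host} dbname={dbname} user={user} "
            "require_auth=scram-sha-256 sslmode=verify-full")


# Constructed sample rows in (rolname, rolpassword) form
_SALT = base64.b64encode(b"constructedsalt!").decode()
_KEY = base64.b64encode(b"\x11" * 32).decode()
SAMPLE_ROWS = [
    ("alice", "md5" + "0" * 32),
    ("bob", f"SCRAM-SHA-256$4096:{_SALT}${_KEY}:{_KEY}"),
    ("carol", None),
    ("dave", "md5" + "a" * 32),
]
```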