On 2/6/25 18:03, Bharani SV-forum wrote:
Adrian
TQ for your valuable inputs.
*Additional Qsn*
Assume DB ver = 15.X
By default encryption = scram-sha-256. Assume pg_hba.conf quotes the
usage as MD5 for the
dbuserid "test_usr_1"
*e.g.)*
hostssl all test_usr_1 10.20.30.40 md5
i.e.)
Assume the respective db userid (e.g. test_usr_1) is quoted for usage of
md5 in pg_hba.conf. No need to change the respective *Role/Userid
password mandatorily.* The DB system will allow use of the existing password;
the old MD5 passwords still work, as long as the authentication
method in pg_hba.conf is set to md5.
Yes.
It gives you time to switch the passwords to scram-sha-256 encryption
after you do the migration. In other words you can have both md5 and
scram-sha-256 passwords in use without changing the pg_hba.conf lines.
Once the transition to scram-sha-256 is done then you can change the
lines to scram-sha-256 and that will prevent use of md5 passwords going
forward.
e.g.) hostssl all LOGS_USER_1 10.9.0.0/21 md5
Is there any security problem due to usage of md5 in the pg_hba.conf
file with underlying db = 15.X?
You are currently using it, have there been any issues?
If not then moving to Postgres 15 won't change that.
I am aware,
(a) *MD5 hash algorithm is nowadays no longer considered secure against
determined attacks.*
*(a) MD5 method cannot be used with the db_user_namespace feature.*
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
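
A way to track the transition described in this thread, as an added example that is not part of the original messages: it reads pg_hba.conf records and the stored verifiers from pg_authid.rolpassword and reports which exchange the server would run per role (with an md5 line PostgreSQL uses SCRAM automatically when the stored password is already SCRAM). The function names and all sample data are constructed; it assumes CIDR-form addresses and plain role names (no +group, @file or regex entries).

```python
import re

# Shapes of the verifiers PostgreSQL stores in pg_authid.rolpassword.
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
SCRAM_RE = re.compile(r"^SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+$")

def verifier_type(rolpassword):
    if rolpassword is None:
        return "none"
    if MD5_RE.match(rolpassword):
        return "md5"
    return "scram-sha-256" if SCRAM_RE.match(rolpassword) else "unknown"

def parse_hba(text):
    """Yield (user, address, method) from host* records using md5 or scram-sha-256."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0].startswith("host") and fields[4] in ("md5", "scram-sha-256"):
            yield tuple(fields[2:5])

def audit(hba_text, roles):
    """roles maps rolname -> rolpassword; returns (role, address, hba_method, stored, exchange)."""
    findings = []
    for user, addr, method in parse_hba(hba_text):
        names = sorted(roles) if user == "all" else user.split(",")
        for name in names:
            kind = verifier_type(roles.get(name))
            if kind == "scram-sha-256":
                exchange = "scram-sha-256"  # also chosen when the line says md5
            else:  # an md5 hash only works behind an md5 line
                exchange = "md5" if (kind, method) == ("md5", "md5") else "fail"
            findings.append((name, addr, method, kind, exchange))
    return findings

def needs_reset(findings):
    """Roles whose password must be set again before md5 lines can be retired."""
    return sorted({f[0] for f in findings if f[3] == "md5"})

# Constructed sample data, modelled on the lines quoted in the thread.
HBA = """
hostssl all test_usr_1  10.20.30.40/32 md5
hostssl all logs_user_1 10.9.0.0/21    md5
hostssl all app_user    10.9.0.0/21    scram-sha-256
"""
ROLES = {
    "test_usr_1": "md5" + "0123456789abcdef" * 2,
    "logs_user_1": "SCRAM-SHA-256$4096:c2FsdHNhbHQ=$c3RvcmVka2V5:c2VydmVya2V5",
    "app_user": "md5" + "fedcba9876543210" * 2,
}
```

The roles argument corresponds to the output of SELECT rolname, rolpassword FROM pg_authid, which only a superuser can read.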