Change default of password_encryption to scram-sha-256

Also, the legacy values on/true/yes/1 for password_encryption that mapped to md5 are removed. The only valid values are now scram-sha-256 and md5. Reviewed-by: Jonathan S. Katz <jkatz@postgresql.org> Discussion: https://www.postgresql.org/message-id/flat/d5b0ad33-7d94-bdd1-caac-43a1c782cab2%402ndquadrant.com
2025-07-07 00:36:50 +03:00 · 2020-06-10 16:16:37 +02:00
parent 5a4ada71a8
commit c7eab0e97e
7 changed files with 23 additions and 31 deletions
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@ -43,7 +43,7 @@ Oid			binary_upgrade_next_pg_authid_oid = InvalidOid;


 /* GUC parameter */
-int			Password_encryption = PASSWORD_TYPE_MD5;
+int			Password_encryption = PASSWORD_TYPE_SCRAM_SHA_256;

 /* Hook to check passwords in CreateRole() and AlterRole() */
 check_password_hook_type check_password_hook = NULL;