mirror of https://github.com/postgres/postgres.git synced 2025-06-16 06:01:02 +03:00

Deprecate MD5 passwords.

MD5 has been considered to be unsuitable for use as a cryptographic
hash algorithm for some time.  Furthermore, MD5 password hashes in
PostgreSQL are vulnerable to pass-the-hash attacks, i.e., knowing
the username and hashed password is sufficient to authenticate.
The SCRAM-SHA-256 method added in v10 is not subject to these
problems and is considered to be superior to MD5.

This commit marks MD5 password support in PostgreSQL as deprecated
and to be removed in a future release.  The documentation now
contains several deprecation notices, and CREATE ROLE and ALTER
ROLE now emit deprecation warnings when setting MD5 passwords.  The
warnings can be disabled by setting the md5_password_warnings
parameter to "off".

Reviewed-by: Greg Sabino Mullane, Jim Nasby
Discussion: https://postgr.es/m/ZwbfpJJol7lDWajL%40nathan
Nathan Bossart
2024-12-02 13:30:07 -06:00
parent 97173536ed
commit db6a4a985b
16 changed files with 135 additions and 0 deletions

View File

@ -1618,6 +1618,15 @@
will store the md5 hash of <literal>xyzzyjoe</literal>.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be removed in a
future release of <productname>PostgreSQL</productname>. Refer to
<xref linkend="auth-password"/> for details about migrating to another
password type.
</para>
</warning>
<para>
If the password is encrypted with SCRAM-SHA-256, it has the format:
<synopsis>
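Review bot: the same `<warning>` paragraph ("Support for MD5-encrypted passwords is deprecated and will be removed in a future release of PostgreSQL. Refer to ... for details about migrating to another password type.") is pasted into every file this patch touches, already with small drift in wrapping and in one place in the reference target; consider defining it once (an SGML entity, or one shared paragraph in the auth-password section that the other locations xref) so the wording stays in step when the removal release is eventually named and the text has to change in one place rather than eight.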

View File

@ -531,6 +531,15 @@ include_dir <replaceable>directory</replaceable>
user's password. See <xref linkend="auth-password"/>
for details.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be
removed in a future release of
<productname>PostgreSQL</productname>. Refer to
<xref linkend="auth-password"/> for details about migrating to
another password type.
</para>
</warning>
</listitem>
</varlistentry>
@ -1260,6 +1269,14 @@ omicron bryanh guest1
server is encrypted for SCRAM (see below), then SCRAM-based
authentication will automatically be chosen instead.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be removed
in a future release of <productname>PostgreSQL</productname>. Refer to
the text below for details about migrating to another password type.
</para>
</warning>
</listitem>
</varlistentry>

View File

@ -1124,6 +1124,14 @@ include_dir 'conf.d'
mechanism, and hence not work with passwords encrypted with
SCRAM-SHA-256. See <xref linkend="auth-password"/> for more details.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be removed
in a future release of <productname>PostgreSQL</productname>. Refer
to <xref linkend="auth-password"/> for details about migrating to
another password type.
</para>
</warning>
</listitem>
</varlistentry>
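Review bot: this warning is attached to the parameter that decides whether a plaintext password given to CREATE ROLE or ALTER ROLE is stored as MD5 or as SCRAM-SHA-256 (see the "not work with passwords encrypted with SCRAM-SHA-256" context above), so it is the natural place to say that leaving it at md5 means every such statement now emits the deprecation WARNING, and to xref the new md5_password_warnings parameter (guc-md5-password-warnings) added further down in this file; stating the fix here (switch this parameter to SCRAM-SHA-256) would be clearer than sending the reader through the auth-password xref.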
@ -7913,6 +7921,22 @@ log_line_prefix = '%m [%p] %q%u@%d/%a '
</listitem>
</varlistentry>
<varlistentry id="guc-md5-password-warnings" xreflabel="md5_password_warnings">
<term><varname>md5_password_warnings</varname> (<type>boolean</type>)
<indexterm>
<primary><varname>md5_password_warnings</varname> configuration parameter</primary>
</indexterm>
</term>
<listitem>
<para>
Controls whether a <literal>WARNING</literal> about MD5 password
deprecation is produced when a <command>CREATE ROLE</command> or
<command>ALTER ROLE</command> statement sets an MD5-encrypted password.
The default value is <literal>on</literal>.
</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2 id="runtime-config-logging-csvlog">
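Review bot: the md5_password_warnings entry does not say where or by whom it can be set, which the other entries in this file do; since the value of this warning is that it is seen, it matters whether any role can silence it in its own session with SET md5_password_warnings = off or whether it is confined to postgresql.conf, so the setting context should be documented. Suggest also spelling out the two situations that trigger it (a password supplied already in md5 form, and a plaintext password the server hashes with MD5 because password_encryption = md5) and stating explicitly that off only suppresses the WARNING and does not change what passwords are accepted or how they are stored.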

View File

@ -1341,6 +1341,15 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
<para>
The server must request MD5 hashed password authentication.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be
removed in a future release of
<productname>PostgreSQL</productname>. Refer to
<xref linkend="auth-password"/> for details about migrating to
another password type.
</para>
</warning>
</listitem>
</varlistentry>
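Review bot: this listitem is the client-side option that requires the server to request MD5 password authentication ("The server must request MD5 hashed password authentication"), so the consequence is more concrete than "migrating to another password type": a connection string pinning MD5 will be refused outright by a server that has dropped MD5 support. The warning should say so and recommend pinning the SCRAM-SHA-256 method instead, since a client allow-list is the one place where this deprecation breaks connections rather than just logging.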

View File

@ -312,6 +312,14 @@
(Keep in mind the <function>md5()</function> function returns its
result as a hex string.)
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be removed
in a future release of <productname>PostgreSQL</productname>. Refer
to <xref linkend="auth-password"/> for details about migrating to
another password type.
</para>
</warning>
</listitem>
</varlistentry>

View File

@ -273,6 +273,14 @@ in sync when changing the above synopsis!
different format). This allows reloading of encrypted passwords
during dump/restore.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be removed
in a future release of <productname>PostgreSQL</productname>. Refer
to <xref linkend="auth-password"/> for details about migrating to
another password type.
</para>
</warning>
</listitem>
</varlistentry>
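Review bot: the context here ("This allows reloading of encrypted passwords during dump/restore") is exactly where the migration cost should be stated: an md5 hash in a dump cannot be turned into a SCRAM-SHA-256 verifier at restore time, because only the hash and not the password is known, so every role still carrying an md5 hash must have its password set again before support is removed, and dumps taken from such a server will stop restoring cleanly at that point. Suggest the warning say this rather than only pointing at auth-password.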

View File

@ -2053,6 +2053,16 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
is an Internet standard and is more secure than the PostgreSQL-specific
MD5 authentication protocol.
</para>
<warning>
<para>
Support for MD5-encrypted passwords is deprecated and will be removed in
a future release of <productname>PostgreSQL</productname>. Refer to
<xref linkend="auth-password"/> for details about migrating to another
password type.
</para>
</warning>
</listitem>
</varlistentry>