NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitdb6a4a9

committed

Deprecate MD5 passwords.

MD5 has been considered to be unsuitable for use as a cryptographichash algorithm for some time. Furthermore, MD5 password hashes inPostgreSQL are vulnerable to pass-the-hash attacks, i.e., knowingthe username and hashed password is sufficient to authenticate.The SCRAM-SHA-256 method added in v10 is not subject to theseproblems and is considered to be superior to MD5.This commit marks MD5 password support in PostgreSQL as deprecatedand to be removed in a future release. The documentation nowcontains several deprecation notices, and CREATE ROLE and ALTERROLE now emit deprecation warnings when setting MD5 passwords. Thewarnings can be disabled by setting the md5_password_warningsparameter to "off".Reviewed-by: Greg Sabino Mullane, Jim NasbyDiscussion:https://postgr.es/m/ZwbfpJJol7lDWajL%40nathan

1 parent9717353 commitdb6a4a9Copy full SHA for db6a4a9

File tree

16 files changed

+135

-0

lines changed

contrib/passwordcheck
- expected
  - passwordcheck.out
  - passwordcheck_1.out
- sql
  - passwordcheck.sql
doc/src/sgml
src
- backend
  - libpq
    - crypt.c
  - utils/misc
    - guc_tables.c
    - postgresql.conf.sample
- include/libpq
  - crypt.h
- test/regress/expected
  - password.out
  - password_1.out

16 files changed

+135

-0

lines changed

`‎contrib/passwordcheck/expected/passwordcheck.out‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+SET md5_password_warnings = off;`
`1`	`2`	`LOAD 'passwordcheck';`
`2`	`3`	`CREATE USER regress_passwordcheck_user1;`
`3`	`4`	`-- ok`

`‎contrib/passwordcheck/expected/passwordcheck_1.out‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+SET md5_password_warnings = off;`
`1`	`2`	`LOAD 'passwordcheck';`
`2`	`3`	`CREATE USER regress_passwordcheck_user1;`
`3`	`4`	`-- ok`

`‎contrib/passwordcheck/sql/passwordcheck.sql‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+SET md5_password_warnings= off;`
`1`	`2`	`LOAD'passwordcheck';`
`2`	`3`
`3`	`4`	`CREATEUSERregress_passwordcheck_user1;`

`‎doc/src/sgml/catalogs.sgml‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1618,6 +1618,15 @@`
`1618`	`1618`	`will store the md5 hash of <literal>xyzzyjoe</literal>.`
`1619`	`1619`	`</para>`
`1620`	`1620`
	`1621`	`+ <warning>`
	`1622`	`+ <para>`
	`1623`	`+ Support for MD5-encrypted passwords is deprecated and will be removed in a`
	`1624`	`+ future release of <productname>PostgreSQL</productname>. Refer to`
	`1625`	`+ <xref linkend="auth-password"/> for details about migrating to another`
	`1626`	`+ password type.`
	`1627`	`+ </para>`
	`1628`	`+ </warning>`
	`1629`	`+`
`1621`	`1630`	`<para>`
`1622`	`1631`	`If the password is encrypted with SCRAM-SHA-256, it has the format:`
`1623`	`1632`	`<synopsis>`

`‎doc/src/sgml/client-auth.sgml‎`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -531,6 +531,15 @@ include_dir <replaceable>directory</replaceable>`
`531`	`531`	`user's password. See <xref linkend="auth-password"/>`
`532`	`532`	`for details.`
`533`	`533`	`</para>`
	`534`	`+ <warning>`
	`535`	`+ <para>`
	`536`	`+ Support for MD5-encrypted passwords is deprecated and will be`
	`537`	`+ removed in a future release of`
	`538`	`+ <productname>PostgreSQL</productname>. Refer to`
	`539`	`+ <xref linkend="auth-password"/> for details about migrating to`
	`540`	`+ another password type.`
	`541`	`+ </para>`
	`542`	`+ </warning>`
`534`	`543`	`</listitem>`
`535`	`544`	`</varlistentry>`
`536`	`545`
`@@ -1260,6 +1269,14 @@ omicron bryanh guest1`
`1260`	`1269`	`server is encrypted for SCRAM (see below), then SCRAM-based`
`1261`	`1270`	`authentication will automatically be chosen instead.`
`1262`	`1271`	`</para>`
	`1272`	`+`
	`1273`	`+ <warning>`
	`1274`	`+ <para>`
	`1275`	`+ Support for MD5-encrypted passwords is deprecated and will be removed`
	`1276`	`+ in a future release of <productname>PostgreSQL</productname>. Refer to`
	`1277`	`+ the text below for details about migrating to another password type.`
	`1278`	`+ </para>`
	`1279`	`+ </warning>`
`1263`	`1280`	`</listitem>`
`1264`	`1281`	`</varlistentry>`
`1265`	`1282`

`‎doc/src/sgml/config.sgml‎`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1124,6 +1124,14 @@ include_dir 'conf.d'`
`1124`	`1124`	`mechanism, and hence not work with passwords encrypted with`
`1125`	`1125`	`SCRAM-SHA-256. See <xref linkend="auth-password"/> for more details.`
`1126`	`1126`	`</para>`
	`1127`	`+ <warning>`
	`1128`	`+ <para>`
	`1129`	`+ Support for MD5-encrypted passwords is deprecated and will be removed`
	`1130`	`+ in a future release of <productname>PostgreSQL</productname>. Refer`
	`1131`	`+ to <xref linkend="auth-password"/> for details about migrating to`
	`1132`	`+ another password type.`
	`1133`	`+ </para>`
	`1134`	`+ </warning>`
`1127`	`1135`	`</listitem>`
`1128`	`1136`	`</varlistentry>`
`1129`	`1137`
`@@ -7913,6 +7921,22 @@ log_line_prefix = '%m [%p] %q%u@%d/%a '`
`7913`	`7921`	`</listitem>`
`7914`	`7922`	`</varlistentry>`
`7915`	`7923`
	`7924`	`+ <varlistentry id="guc-md5-password-warnings" xreflabel="md5_password_warnings">`
	`7925`	`+ <term><varname>md5_password_warnings</varname> (<type>boolean</type>)`
	`7926`	`+ <indexterm>`
	`7927`	`+ <primary><varname>md5_password_warnings</varname> configuration parameter</primary>`
	`7928`	`+ </indexterm>`
	`7929`	`+ </term>`
	`7930`	`+ <listitem>`
	`7931`	`+ <para>`
	`7932`	`+ Controls whether a <literal>WARNING</literal> about MD5 password`
	`7933`	`+ deprecation is produced when a <command>CREATE ROLE</command> or`
	`7934`	`+ <command>ALTER ROLE</command> statement sets an MD5-encrypted password.`
	`7935`	`+ The default value is <literal>on</literal>.`
	`7936`	`+ </para>`
	`7937`	`+ </listitem>`
	`7938`	`+ </varlistentry>`
	`7939`	`+`
`7916`	`7940`	`</variablelist>`
`7917`	`7941`	`</sect2>`
`7918`	`7942`	`<sect2 id="runtime-config-logging-csvlog">`

`‎doc/src/sgml/libpq.sgml‎`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1341,6 +1341,15 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname`
`1341`	`1341`	`<para>`
`1342`	`1342`	`The server must request MD5 hashed password authentication.`
`1343`	`1343`	`</para>`
	`1344`	`+ <warning>`
	`1345`	`+ <para>`
	`1346`	`+ Support for MD5-encrypted passwords is deprecated and will be`
	`1347`	`+ removed in a future release of`
	`1348`	`+ <productname>PostgreSQL</productname>. Refer to`
	`1349`	`+ <xref linkend="auth-password"/> for details about migrating to`
	`1350`	`+ another password type.`
	`1351`	`+ </para>`
	`1352`	`+ </warning>`
`1344`	`1353`	`</listitem>`
`1345`	`1354`	`</varlistentry>`
`1346`	`1355`

`‎doc/src/sgml/protocol.sgml‎`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -312,6 +312,14 @@`
`312`	`312`	`(Keep in mind the <function>md5()</function> function returns its`
`313`	`313`	`result as a hex string.)`
`314`	`314`	`</para>`
	`315`	`+ <warning>`
	`316`	`+ <para>`
	`317`	`+ Support for MD5-encrypted passwords is deprecated and will be removed`
	`318`	`+ in a future release of <productname>PostgreSQL</productname>. Refer`
	`319`	`+ to <xref linkend="auth-password"/> for details about migrating to`
	`320`	`+ another password type.`
	`321`	`+ </para>`
	`322`	`+ </warning>`
`315`	`323`	`</listitem>`
`316`	`324`	`</varlistentry>`
`317`	`325`

`‎doc/src/sgml/ref/create_role.sgml‎`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -273,6 +273,14 @@ in sync when changing the above synopsis!`
`273`	`273`	`different format). This allows reloading of encrypted passwords`
`274`	`274`	`during dump/restore.`
`275`	`275`	`</para>`
	`276`	`+ <warning>`
	`277`	`+ <para>`
	`278`	`+ Support for MD5-encrypted passwords is deprecated and will be removed`
	`279`	`+ in a future release of <productname>PostgreSQL</productname>. Refer`
	`280`	`+ to <xref linkend="auth-password"/> for details about migrating to`
	`281`	`+ another password type.`
	`282`	`+ </para>`
	`283`	`+ </warning>`
`276`	`284`	`</listitem>`
`277`	`285`	`</varlistentry>`
`278`	`286`

`‎doc/src/sgml/runtime.sgml‎`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2053,6 +2053,16 @@ pg_dumpall -p 5432 \| psql -d postgres -p 5433`
`2053`	`2053`	`is an Internet standard and is more secure than the PostgreSQL-specific`
`2054`	`2054`	`MD5 authentication protocol.`
`2055`	`2055`	`</para>`
	`2056`	`+`
	`2057`	`+ <warning>`
	`2058`	`+ <para>`
	`2059`	`+ Support for MD5-encrypted passwords is deprecated and will be removed in`
	`2060`	`+ a future release of <productname>PostgreSQL</productname>. Refer to`
	`2061`	`+ <xref linkend="auth-password"/> for details about migrating to another`
	`2062`	`+ password type.`
	`2063`	`+ </para>`
	`2064`	`+ </warning>`
	`2065`	`+`
`2056`	`2066`	`</listitem>`
`2057`	`2067`	`</varlistentry>`
`2058`	`2068`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitdb6a4a9

File tree

16 files changed

16 files changed

`‎contrib/passwordcheck/expected/passwordcheck.out‎`

`‎contrib/passwordcheck/expected/passwordcheck_1.out‎`

`‎contrib/passwordcheck/sql/passwordcheck.sql‎`

`‎doc/src/sgml/catalogs.sgml‎`

`‎doc/src/sgml/client-auth.sgml‎`

`‎doc/src/sgml/config.sgml‎`

`‎doc/src/sgml/libpq.sgml‎`

`‎doc/src/sgml/protocol.sgml‎`

`‎doc/src/sgml/ref/create_role.sgml‎`

`‎doc/src/sgml/runtime.sgml‎`

0 commit comments