| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)lists(dot)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: Possible to store invalid SCRAM-SHA-256 Passwords |
| Date: | 2019-04-23 06:57:01 |
| Message-ID: | 20190423065701.GL2712@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, Apr 23, 2019 at 11:10:18AM +0900, Michael Paquier wrote:
> That's a hard morning... Yes you are right and I can see the failure.
> By the way, grouping everything in one patch looks more adapted to me
> as this tightens all the checks for the different verifier types.
The afternoon has been better. I have double-checked your patch and
committed it down to v10. Now, there are two things which may need
extra handling:
- Do we add a note in the release notes about that with a SQL query
checking the state of pg_authid?
- In ~9.6 we include in md5.h a macro which does not care about hex
characters in the MD5 hash. I think that we should fix that as well,
or perhaps that's not worth caring per the lack of complaints?
Attached is what would be needed.
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| md5-check-96-v1.patch | text/x-diff | 585 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan S. Katz | 2019-04-23 14:19:30 | Re: Possible to store invalid SCRAM-SHA-256 Passwords |
| Previous Message | PG Bug reporting form | 2019-04-23 03:19:21 | BUG #15775: pg_get_indexdef: could not open relation with OID 16385 |