Quick Links

Re: Possible to store invalid SCRAM-SHA-256 Passwords

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	"Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>
Cc:	Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-bugs(at)lists(dot)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>
Subject:	Re: Possible to store invalid SCRAM-SHA-256 Passwords
Date:	2019-04-23 01:28:19
Message-ID:	11304.1555982899@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

"Jonathan S. Katz" <jkatz(at)postgresql(dot)org> writes:
> I did purposely keep the SCRAM + MD5 changes as separate patches as I
> felt they were both atomic, but I have no strong opinions on that.

FWIW, it looks like one patch to me: tighten our checks on whether
supposedly-encoded passwords fit the encoding rules.

regards, tom lane

In response to

Re: Possible to store invalid SCRAM-SHA-256 Passwords at 2019-04-23 01:26:01 from Jonathan S. Katz

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Michael Paquier	2019-04-23 02:10:18	Re: Possible to store invalid SCRAM-SHA-256 Passwords
Previous Message	Jonathan S. Katz	2019-04-23 01:26:01	Re: Possible to store invalid SCRAM-SHA-256 Passwords