PG Doc comments form <noreply(at)postgresql(dot)org> writes:
> The 18.4 release notes say this: "Use timing-safe string comparisons in
> authentication code (Michael Paquier) Use timingsafe_bcmp() instead of
> memcpy() or strcmp() when checking passwords, ..."
> I think that should be memcmp() instead of memcpy().
Sigh, you're right --- that's my thinko. Will fix in git for posterity's
sake, though the notes are already out and probably no-one will care
anymore by the time of the next release.
regards, tom lane