|From:||Bruce Momjian <bruce(at)momjian(dot)us>|
|To:||Craig Ringer <craig(at)2ndquadrant(dot)com>|
|Cc:||Joe Conway <mail(at)joeconway(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>|
|Subject:||Re: Changing references of password encryption to hashing|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On Mon, Mar 13, 2017 at 04:48:21PM +0800, Craig Ringer wrote:
> On 12 March 2017 at 06:51, Joe Conway <mail(at)joeconway(dot)com> wrote:
> > My opinion is that the user visible aspects of this should be deprecated
> > and correct syntax provided. But perhaps that is overkill.
> FWIW, in my experience, pretty much nobody understands the pretty
> tangled behaviour of "WITH [ENCRYPTED] PASSWORD", you have to
> understand the fact table of:
> * ENCRYPTED, UNENCRYPTED or neither set
> * password_encryption GUC on or off
> * password begins / doesn't begin with fixed string 'md5'
> to fully know what will happen.
> Then of course, you have to understand how all this interacts with
> pg_hba.conf's 'password' and 'md5' options.
> It's a right mess. Since our catalogs don't keep track of the hash
> separately to the password text and use prefixes instead, and since we
> need compatibility for dumps, it's hard to do a great deal about
With SCRAM coming in PG 10, is there anything we can do to clean this up
for PG 10?
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
|Next Message||Stephen Frost||2017-03-16 03:24:41||Re: [REVIEW] macaddr 64 bit (EUI-64) datatype support|
|Previous Message||Ashutosh Sharma||2017-03-16 03:01:47||Re: Microvacuum support for Hash Index|