From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
Cc: | Joe Conway <mail(at)joeconway(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Changing references of password encryption to hashing |
Date: | 2017-03-16 03:19:32 |
Message-ID: | 20170316031932.GA30261@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Mar 13, 2017 at 04:48:21PM +0800, Craig Ringer wrote:
> On 12 March 2017 at 06:51, Joe Conway <mail(at)joeconway(dot)com> wrote:
>
> > My opinion is that the user visible aspects of this should be deprecated
> > and correct syntax provided. But perhaps that is overkill.
>
> FWIW, in my experience, pretty much nobody understands the pretty
> tangled behaviour of "WITH [ENCRYPTED] PASSWORD", you have to
> understand the fact table of:
>
> * ENCRYPTED, UNENCRYPTED or neither set
> * password_encryption GUC on or off
> * password begins / doesn't begin with fixed string 'md5'
>
> to fully know what will happen.
>
> Then of course, you have to understand how all this interacts with
> pg_hba.conf's 'password' and 'md5' options.
>
> It's a right mess. Since our catalogs don't keep track of the hash
> separately to the password text and use prefixes instead, and since we
> need compatibility for dumps, it's hard to do a great deal about
> though.
With SCRAM coming in PG 10, is there anything we can do to clean this up
for PG 10?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2017-03-16 03:24:41 | Re: [REVIEW] macaddr 64 bit (EUI-64) datatype support |
Previous Message | Ashutosh Sharma | 2017-03-16 03:01:47 | Re: Microvacuum support for Hash Index |