Re: [HACKERS] Changing references of password encryption to hashing

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [HACKERS] Changing references of password encryption to hashing
Date: 2023-11-29 22:01:57
Message-ID: 20231129220157.GA1260955@nathanxps13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Nov 29, 2023 at 04:02:11PM -0500, Robert Haas wrote:
> I'd fully support having good documentation that says "hey, here are
> the low security authentication configurations, here are the
> medium-security ones, here are the high security ones, and here's why
> these ones are better than those ones and what they protect against
> and what risks remain." That would be awesome.

+1. IMO the "Password Authentication" section [0] does this pretty well
already.

[0] https://www.postgresql.org/docs/devel/auth-password.html

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Matthias van de Meent 2023-11-29 22:59:33 Re: Parallel CREATE INDEX for BRIN indexes
Previous Message Gurjeet Singh 2023-11-29 21:43:46 Re: Fwd: BUG #18016: REINDEX TABLE failure