Re: [PoC/RFC] Multiple passwords, interval expirations

From: Jeff Davis <pgsql(at)j-davis(dot)com>
To: Gurjeet Singh <gurjeet(at)singh(dot)im>
Cc: Nathan Bossart <nathandbossart(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, "Brindle, Joshua" <joshuqbr(at)amazon(dot)com>, Jacob Champion <jchampion(at)timescale(dot)com>
Subject: Re: [PoC/RFC] Multiple passwords, interval expirations
Date: 2023-10-06 20:29:24
Message-ID: 3ba7717e5493f3c3b45127457f540b7811f6f6e1.camel@j-davis.com
Lists: pgsql-hackers

On Thu, 2023-10-05 at 14:28 -0700, Gurjeet Singh wrote:

> This way there's a notion of 'new' and 'old' passwords.

IIUC, you are proposing that there are exactly two slots, NEW and OLD.
When adding a password, OLD must be unset and it moves NEW to OLD, and
adds the new password in NEW. DROP only works on OLD. Is that right?

It's close to the idea of deprecation, except that adding a new
password implicitly deprecates the existing one. I'm not sure about
that -- it could be confusing.

We could also try using a verb like "expire" that could be coupled with
a date, and that way all old passwords would always have some validity
period. That might make it a bit easier to manage if we do need more
than two passwords.

Regards,
Jeff Davis
