| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: scram and \password |
| Date: | 2017-05-02 16:47:33 |
| Message-ID: | CA+TgmoZ1oCu6pdRaj4sexaSPUooLcgRzrwd6qMV-SB7JsqTAmQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 2, 2017 at 3:42 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> There's going to be a default, one way or another. The default is going to
> come from password_encryption, or it's going to be a hard-coded value or
> logic based on server-version in PQencryptPasswordConn(). Or it's going to
> be a hard-coded value or logic implemented in every application that uses
> PQencryptPasswordConn(). I think looking at password_encryption makes the
> most sense. The application is not in a good position to make the decision,
> and forcing the end-user to choose every time they change a password is too
> onerous.
I think there should be no default, and the caller should have to pass
the algorithm explicitly. If they want to determine what default to
pass by running 'SHOW password_encryption', that's their choice.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Corey Huinker | 2017-05-02 16:51:35 | Re: CTE inlining |
| Previous Message | Robert Haas | 2017-05-02 16:45:35 | Re: Concurrent ALTER SEQUENCE RESTART Regression |