| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Aleksander Alekseev <a(dot)alekseev(at)postgrespro(dot)ru>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SCRAM authentication, take three |
| Date: | 2017-05-02 18:57:07 |
| Message-ID: | CA+TgmoZOKJwN=-jxVi2cAP+7m-QYTTf1WveAhwLUrX+3Fkoc8Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Apr 18, 2017 at 7:58 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> Yeah, that would be reasonable. It can't be called just "password",
>> though, because there's no way to implement "password-or-md5-or-scram" in a
>> sensible way (see my reply to Simon at [1]). Unless we remove the support
>> for what "password" does today altogether, and redefine "password" to mean
>> just "md5-or-beyond". Which might not be a bad idea, but that's a separate
>> discussion.
>
> It is an interesting one though. "password" today is really only useful in
> the case of db_user_namespace=on, right? Given the very few people I think
> are using that feature, it wouldn't be unreasonable to rename it to
> something more closely related to that.
I think it would be nice to have something with the same functionality
as db_user_namespace that smells less like a giant hack.
Does db_user_namespace work with SCRAM?
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-05-02 18:59:14 | Re: Ongoing issues with representation of empty arrays |
| Previous Message | Robert Haas | 2017-05-02 18:51:35 | Re: Typos in comments in partition.c |