From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: reducing our reliance on MD5 |
Date: | 2015-02-11 13:52:16 |
Message-ID: | CA+TgmoaPGxZuW=BSyRZ98=hEM-YPfu0Z1jgxgcTUw7N0MRoYxg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Feb 11, 2015 at 8:02 AM, Heikki Linnakangas
<hlinnakangas(at)vmware(dot)com> wrote:
> On 02/11/2015 02:49 PM, Robert Haas wrote:
>> So, this all sounds fairly nice if somebody's willing to do the work,
>> but I can't help noticing that you originally proposed adopting SCRAM
>> in 2012, and it's 2015 now. So I wonder if anyone's really going to
>> do all this work, and if not, whether we should go for something
>> simpler. Just plugging something else in for MD5 would be a lot less
>> work for us to implement and for clients to support, even if it is (as
>> it unarguably is) less elegant.
>
> "Just plugging something else in for MD5" would still be a fair amount of
> work. Not that much less than the full program I proposed.
>
> Well, I guess it's easier if you immediately stop supporting MD5, have a
> "flag day" in all clients to implement the replacement, and break
> pg_dump/restore of passwords in existing databases. That sounds horrible.
> Let's do this properly. I can help with that, although I don't know if I'll
> find the time and enthusiasm to do all of it alone.
So are you thinking to integrate with the Cyrus SASL library, or do
you have another thought?
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Syed, Rahila | 2015-02-11 14:03:00 | Re: [REVIEW] Re: Compression of full-page-writes |
Previous Message | David Fetter | 2015-02-11 13:48:55 | Re: ibm system z in the buildfarm |