Re: scram and \password

On Thu, Apr 27, 2017 at 3:22 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> You could argue, that since we need to document how to avoid the query and
> the blocking, we might as well always require the application to run the
> "show password_encryption" query before calling PQencryptPasswordConn(). But
> I'd like to offer the convenience for the majority of applications that
> don't mind blocking.

I still think that's borrowing trouble. It just seems like too
critical of a thing to have a default -- if the convenience logic gets
it wrong and encrypts the password in a manner not intended by the
user, that could (a) amount to a security vulnerability or (b) lock
you out of your account. If you ask your significant other "where do
you want to go to dinner?" and can't get a clear answer out of them
after some period of time, it's probably OK to assume they don't care
that much and you can just pick something. If you ask the
commander-in-chief "which country should we fire the missiles at?" and
you don't get a clear and unambiguous answer, just picking something
is not a very good idea.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company