From: | Jacob Champion <jchampion(at)timescale(dot)com> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org> |
Subject: | Re: User functions for building SCRAM secrets |
Date: | 2022-11-10 21:07:42 |
Message-ID: | CAAWbhmhQUpQnSSFPr5+tp3uK9R1HF2H733cgwHjq1wcv6JC4Og@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Nov 8, 2022 at 9:28 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Tue, Nov 08, 2022 at 04:57:09PM -0800, Jacob Champion wrote:
> > But I guess that wouldn't really help with ALTER ROLE ... PASSWORD,
> > because you can't parameterize it. Hm...
>
> Yeah, and I'd like to think that this is never something we should
> allow, either, as that could be easily a footgun for users (?).
What would make it unsafe? I don't know a lot about the tradeoffs for
parameterizing queries.
--Jacob
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2022-11-10 23:09:23 | Re: Call lazy_check_wraparound_failsafe earlier for parallel vacuum |
Previous Message | David E. Wheeler | 2022-11-10 20:55:53 | JSONPath Child Operator? |