| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: User functions for building SCRAM secrets |
| Date: | 2023-03-22 06:48:46 |
| Message-ID: | ZBqkzrlU696I7RvG@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Feb 14, 2023 at 06:16:18PM -0500, Jonathan S. Katz wrote:
> I opted for the approach in [2]. v5 contains the branching logic for the
> UTF8 only tests, and the corresponding output files. I tested locally on
> macOS against both UTF8 + C locales.
I was reading this thread again, and pondered on this particular
point:
https://www.postgresql.org/message-id/CAAWbhmhjcFc4oaGA_7YLUhtj6J+rxEY+BoDryGzNdaFLGfZZMg@mail.gmail.com
We've had our share of complains over the years that Postgres logs
password data in the logs with various DDLs, so I'd tend to agree that
this is not a practice we should try to encourage more. The
parameterization of the SCRAM verifiers through GUCs (like Daniel's
https://commitfest.postgresql.org/42/4201/ for the iteration number)
is more promising because it is possible to not have to send the
password over the wire with once we let libpq take care of the
computation, and the server would not know about that.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Önder Kalacı | 2023-03-22 06:53:04 | Re: Dropped and generated columns might cause wrong data on subs when REPLICA IDENTITY FULL |
| Previous Message | Peter Eisentraut | 2023-03-22 06:45:18 | Re: Set arbitrary GUC options during initdb |