Re: User functions for building SCRAM secrets

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>
Cc: Andres Freund <andres(at)anarazel(dot)de>, Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: User functions for building SCRAM secrets
Date: 2023-03-22 06:48:46
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tue, Feb 14, 2023 at 06:16:18PM -0500, Jonathan S. Katz wrote:
> I opted for the approach in [2]. v5 contains the branching logic for the
> UTF8 only tests, and the corresponding output files. I tested locally on
> macOS against both UTF8 + C locales.

I was reading this thread again, and pondered on this particular

We've had our share of complains over the years that Postgres logs
password data in the logs with various DDLs, so I'd tend to agree that
this is not a practice we should try to encourage more. The
parameterization of the SCRAM verifiers through GUCs (like Daniel's for the iteration number)
is more promising because it is possible to not have to send the
password over the wire with once we let libpq take care of the
computation, and the server would not know about that.

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Önder Kalacı 2023-03-22 06:53:04 Re: Dropped and generated columns might cause wrong data on subs when REPLICA IDENTITY FULL
Previous Message Peter Eisentraut 2023-03-22 06:45:18 Re: Set arbitrary GUC options during initdb