Re: SCRAM protocol documentation

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SCRAM protocol documentation
Date: 2017-08-11 13:25:54
Message-ID: bd9fce76-0a80-74b1-c7bb-4186ca656344@2ndquadrant.com
Lists: pgsql-hackers

On 8/11/17 07:18, Michael Paquier wrote:
> The problem is where a username includes characters such as a comma or '=',
> which can be avoided if the string is in UTF-8 as the username is
> prepared with SASLprep before being used in the SASL exchange, but we
> have no way now to be sure that the string is actually in UTF-8.
> If at some point we decide that only things using UTF-8 are good to be
> used during authentication, using the username in the exchange
> messages instead of the one in the startup packet would be fine and
> actually better IMO in the long term. Please note that the
> specification says that both the username and the password must be
> encoded in UTF-8, so we are not completely compliant here. If there is
> something to address, that would be this part.

So we already handle passwords. Can't we handle user names the same way?

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
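
What the comma and '=' concern looks like under RFC 5802, which has usernames carry those two characters as =2C and =3D, shown as an added example that is not part of the original message and not PostgreSQL's code. The function names and sample values are made up for illustration, and SASLprep is assumed to have been applied to the username already.

```python
# Added illustration of RFC 5802 saslname handling; not PostgreSQL code.
# Assumption: SASLprep has already been applied to the username.

def escape_saslname(username):
    """Escape '=' and ',' so the name cannot break the attribute list."""
    # '=' goes first, otherwise the '=' of '=2C' would be escaped again.
    return username.replace("=", "=3D").replace(",", "=2C")


def unescape_saslname(value):
    """Reverse the escaping; reject any '=' not followed by 2C or 3D."""
    out, i = [], 0
    while i < len(value):
        if value[i] != "=":
            out.append(value[i])
            i += 1
            continue
        code = value[i + 1:i + 3]
        if code not in ("2C", "3D"):
            raise ValueError("invalid '=' escape in saslname")
        out.append("," if code == "2C" else "=")
        i += 3
    return "".join(out)


def client_first_bare(username, nonce):
    """Client side: build 'n=<saslname>,r=<nonce>' as UTF-8 bytes."""
    return ("n=%s,r=%s" % (escape_saslname(username), nonce)).encode("utf-8")


def parse_client_first_bare(raw):
    """Server side: return (username, nonce) or raise ValueError."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("message is not valid UTF-8")
    fields = text.split(",")
    if (len(fields) < 2 or not fields[0].startswith("n=")
            or not fields[1].startswith("r=")):
        raise ValueError("malformed client-first-message-bare")
    return unescape_saslname(fields[0][2:]), fields[1][2:]


if __name__ == "__main__":
    msg = client_first_bare("a=b,c", "examplenonce123")  # constructed values
    print(msg, parse_client_first_bare(msg))
```

A username sent in a non-UTF-8 encoding, or one whose comma was left unescaped, is rejected by the parser instead of being split into the wrong attributes.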
