Re: [HACKERS] Changing references of password encryption to hashing
| От | Bruce Momjian |
|---|---|
| Тема | Re: [HACKERS] Changing references of password encryption to hashing |
| Дата | |
| Msg-id | 20170316031932.GA30261@momjian.us обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Changing references of password encryption to hashing (Craig Ringer <craig@2ndquadrant.com>) |
| Список | pgsql-hackers |
On Mon, Mar 13, 2017 at 04:48:21PM +0800, Craig Ringer wrote: > On 12 March 2017 at 06:51, Joe Conway <mail@joeconway.com> wrote: > > > My opinion is that the user visible aspects of this should be deprecated > > and correct syntax provided. But perhaps that is overkill. > > FWIW, in my experience, pretty much nobody understands the pretty > tangled behaviour of "WITH [ENCRYPTED] PASSWORD", you have to > understand the fact table of: > > * ENCRYPTED, UNENCRYPTED or neither set > * password_encryption GUC on or off > * password begins / doesn't begin with fixed string 'md5' > > to fully know what will happen. > > Then of course, you have to understand how all this interacts with > pg_hba.conf's 'password' and 'md5' options. > > It's a right mess. Since our catalogs don't keep track of the hash > separately to the password text and use prefixes instead, and since we > need compatibility for dumps, it's hard to do a great deal about > though. With SCRAM coming in PG 10, is there anything we can do to clean this up for PG 10? -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
В списке pgsql-hackers по дате отправления: