Re: Possible to store invalid SCRAM-SHA-256 Passwords
| От | Stephen Frost |
|---|---|
| Тема | Re: Possible to store invalid SCRAM-SHA-256 Passwords |
| Дата | |
| Msg-id | 20190423144306.GQ6197@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: Possible to store invalid SCRAM-SHA-256 Passwords (Michael Paquier <michael@paquier.xyz>) |
| Список | pgsql-bugs |
Greetings, * Michael Paquier (michael@paquier.xyz) wrote: > On Mon, Apr 22, 2019 at 09:52:15AM -0400, Stephen Frost wrote: > > I recall having exactly that debate when SCRAM was being worked on and > > the push-back basically being that it was more work and we'd have to > > have additional syntax for ALTER USER, et al. I wish I had had more > > time to spend on that discussion. Water under the bridge now, but > > hopefully we learn from this and maybe someone refactors how this works > > sometime soon (or, at least, whenever we add the next password > > encoding). > > I am not sure that this would have been more work for ALTER TABLE as > we could have relied on just password_encryption to do the work as we > do now. The reluctance was to have more additional columns in > pg_authid as far as I recall, and I sided with having a separate > catalog, and more independent verifier type checks in the catalogs, as > you may recall, which would have also eased password rollups for a > given role. Yes, having an indepedent catalog table would have been a good approach too, much better than where we're at now. I hope someone has time to work on that for a future version. Thanks! Stephen
Вложения
В списке pgsql-bugs по дате отправления: