Re: [HACKERS] scram and \password
| От | Tom Lane |
|---|---|
| Тема | Re: [HACKERS] scram and \password |
| Дата | |
| Msg-id | 28651.1489758141@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: [HACKERS] scram and \password (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
Robert Haas <robertmhaas@gmail.com> writes:
> On Fri, Mar 17, 2017 at 8:32 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>> It would make sense to have \password obey password_encryption GUC. Then
>> \password and ALTER USER would do the same thing, which would be less
>> surprising. Although it's also a bit weird for a GUC to affect client-side
>> behavior, so perhaps better to just document that \password will create a
>> SCRAM verifier, unless you explicitly tell it to create an MD5 hash, and add
>> a 'method' parameter to it.
> Either of those would be fine with me, but I think we should do one of them.
I vote for the second one; seems much less surprising and action-at-a-
distance-y. And I think the entire point of \password is to *not* do
exactly what a bare ALTER USER would do, but to superimpose a layer of
best practice on it. We certainly want to define use of SCRAM as being
best practice.
regards, tom lane
В списке pgsql-hackers по дате отправления: