On Tue, 2023-10-17 at 22:52 -0400, Stephen Frost wrote:
> Reading back through the thread, from a user perspective, the primary
> one seems to be that passwords are expected to be named. I'm surprised
> this is being brought up as such a serious concern. Lots and lots and
> lots of things in the system require naming, after all, and the idea
> that this is somehow harder or more of an issue is quite odd to me.

In the simplest intended use case, the names will be arbitrary and
temporary. It's easy for me to imagine someone wondering "was I
supposed to delete 'bear' or 'lion'?". For indexes and other objects,
there's a lot more to go on, easily visible with \d.

Now, obviously that is not the end of the world, and the user could
prevent that problem a number of different ways. And we can do things
like improve the monitoring of password use, and store the password
creation time, to help users if they are confused. So I don't raise
concerns about naming as an objection to the feature overall, but
rather a concern that we aren't getting it quite right.

Maybe a name should be entirely optional, more like a comment, and the
passwords can be referenced by the salt? The salt needs to be unique
for a given user anyway.

(Aside: is the uniqueness of the salt enforced in the current patch?)

Regards,
Jeff Davis