Re: pg_authid.rolpassword format (was Re: [HACKERS] Password identifiers, protocol aging and SCRAM protocol)
From | Joshua D. Drake |
---|---|
Subject | Re: pg_authid.rolpassword format (was Re: [HACKERS] Password identifiers, protocol aging and SCRAM protocol) |
Date | |
Msg-id | 708b944a-46cf-12c6-711b-ec6280946162@commandprompt.com |
In reply to | Re: Password identifiers, protocol aging and SCRAM protocol (Michael Paquier <michael.paquier@gmail.com>) |
List | pgsql-hackers |
On 12/14/2016 11:41 AM, Stephen Frost wrote:
> * Heikki Linnakangas (hlinnaka@iki.fi) wrote:
>> On 14 December 2016 20:12:05 EET, Bruce Momjian <bruce@momjian.us> wrote:
>>> On Wed, Dec 14, 2016 at 11:27:15AM +0100, Magnus Hagander wrote:

> Storing plaintext passwords has been bad form for just about forever and
> I wouldn't be sad to see our support of it go. At the least, as was
> discussed somewhere, but I'm not sure where it ended up, we should give
> administrators the ability to control what ways a password can be
> stored. In particular, once a user has migrated all of their users to
> SCRAM, they should be able to say "don't let new passwords be in any
> format other than SCRAM-SHA-256".

It isn't as bad as it used to be. I remember when PASSWORD was the default. I agree that we should be able to set a policy that says, "we only allow X for password storage".

JD

>
> Thanks!
>
> Stephen
>

--
Command Prompt, Inc. http://the.postgres.company/
+1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.
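An added example, not part of the original message and not PostgreSQL's own code: one way an administrator could audit stored passwords against the "we only allow X for password storage" policy discussed above. It assumes (rolname, rolpassword) rows exported from pg_authid and the verifier layouts of released PostgreSQL 10 and later, which postdate this thread; the function names and sample rows are constructed for illustration.

```python
import base64
import re

# Verifier layouts as stored by released PostgreSQL (10 and later);
# the thread itself predates the final SCRAM layout (assumption, see lead-in).
MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(
    r"SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)"
)

def _b64len(s):
    """Length of the decoded value, or -1 if s is not valid base64."""
    try:
        return len(base64.b64decode(s, validate=True))
    except ValueError:
        return -1

def classify(rolpassword):
    """Return 'none', 'md5', 'scram-sha-256' or 'plaintext' for one value."""
    if rolpassword is None:
        return "none"
    if MD5_RE.fullmatch(rolpassword):
        return "md5"
    m = SCRAM_RE.fullmatch(rolpassword)
    # StoredKey and ServerKey are SHA-256 outputs, so each decodes to 32 bytes.
    if (m and int(m.group(1)) > 0 and _b64len(m.group(2)) > 0
            and _b64len(m.group(3)) == 32 and _b64len(m.group(4)) == 32):
        return "scram-sha-256"
    # Anything else does not parse as a verifier; treat it as plaintext.
    return "plaintext"

def violations(rows, allowed=frozenset({"scram-sha-256"})):
    """rows: (rolname, rolpassword) pairs; returns roles outside the policy."""
    return [(name, kind) for name, pw in rows
            if (kind := classify(pw)) not in allowed | {"none"}]

# Constructed sample rows, not taken from any real cluster.
_KEY = base64.b64encode(bytes(32)).decode()
_SALT = base64.b64encode(b"constructed-salt").decode()
SAMPLE = [
    ("app_rw", f"SCRAM-SHA-256$4096:{_SALT}${_KEY}:{_KEY}"),
    ("legacy", "md5" + "0123456789abcdef" * 2),
    ("batch", "hunter2"),
    ("nologin", None),
    ("truncated", f"SCRAM-SHA-256$4096:{_SALT}${_KEY}:AAAA"),
]

if __name__ == "__main__":
    for name, kind in violations(SAMPLE):
        print(f"{name}: stored as {kind}, not permitted by policy")
```

A value that merely starts with the SCRAM prefix but has a malformed key field is reported as plaintext rather than accepted as a verifier.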