Re: BUG #15911: Why no Bcrypt in pg_hba.conf?
| От | Tom Lane |
|---|---|
| Тема | Re: BUG #15911: Why no Bcrypt in pg_hba.conf? |
| Дата | |
| Msg-id | 9218.1563300642@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: BUG #15911: Why no Bcrypt in pg_hba.conf? (Andrew Gierth <andrew@tao11.riddles.org.uk>) |
| Ответы |
Re: BUG #15911: Why no Bcrypt in pg_hba.conf?
|
| Список | pgsql-bugs |
Andrew Gierth <andrew@tao11.riddles.org.uk> writes:
> "PG" == PG Bug reporting form <noreply@postgresql.org> writes:
> PG> Can you please add `bcrypt` as method option?
> Not unless it gets added to the SCRAM specification.
> Note that our primary goal here is to provide a secure and standard
> challenge-response authentication mechanism, not to provide random
> alternate algorithms for password storage.
Worth noting here is that for us, the price of an additional
authentication mechanism is very high, because it's not just a matter
of adding some code to the server. Client-side libraries also need to
be taught about it, and most of those are not maintained by the core
PG project. So it takes years to make anything happen --- the
addition of SCRAM is still a work in progress, for example.
Thus, we aren't going to add stuff on a whim, and when we do add some
new mechanism, there has to be a really solid argument that it's a
*significant* advance over what we have.
regards, tom lane
В списке pgsql-bugs по дате отправления: