Re: Password identifiers, protocol aging and SCRAM protocol
| От | Michael Paquier |
|---|---|
| Тема | Re: Password identifiers, protocol aging and SCRAM protocol |
| Дата | |
| Msg-id | CAB7nPqQpek5pUUinmZNMr+n9+vgaUqaxZJ9zWRoMKM8e1uHRHw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Password identifiers, protocol aging and SCRAM protocol (Heikki Linnakangas <hlinnaka@iki.fi>) |
| Ответы |
Re: Password identifiers, protocol aging and SCRAM protocol
Re: Password identifiers, protocol aging and SCRAM protocol |
| Список | pgsql-hackers |
On Mon, Oct 17, 2016 at 5:55 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > On 10/15/2016 04:26 PM, Michael Paquier wrote: >>> >>> * Now that we don't call random() in postmaster anymore, is there any >>> point >>> in calling srandom() there (i.e. where the above incorrect comment was)? >>> Should we remove it? random() might be used by pre-loaded extensions, >>> though. (Hopefully not for cryptographic purposes.) >> >> >> That's the business of the maintainers such modules, so my heart is >> telling me to rip it off, but my mind tells me that there is no point >> in making them unhappy either if they rely on it. I'd trust my mind on >> this one, other opinions are welcome. > > > I kept it for now. Doesn't do any harm either, even if it's unnecessary. > >>> * Should we backport this? Sorry if we discussed that already, but I >>> don't >>> remember. >> >> >> I think that we discussed quickly the point at last PGCon during the >> SCRAM-committee-unofficial meeting, and that we talked about doing >> that only for HEAD. > > > Ok, committed to HEAD. You removed the part of pgcrypto in charge of randomness, nice move. I was wondering about how to do with the perfc and the unix_std at some point, and ripping them off as you did is fine for me. -- Michael
В списке pgsql-hackers по дате отправления: