| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Richard Hector <richard(at)walnut(dot)gen(dot)nz> |
| Cc: | pgsql-docs(at)postgresql(dot)org |
| Subject: | Re: password storage docs |
| Date: | 2018-08-20 02:46:54 |
| Message-ID: | 20180820024654.GE7403@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On Mon, Aug 20, 2018 at 01:35:56PM +1200, Richard Hector wrote:
> I can't find information about the storage format for that at all -
> other than "... and supports storing passwords on the server in a
> cryptographically hashed form that is thought to be secure."
>
> It would be nice to see more information on this.
The SCRAM verifiers stored conform to RFC 5803:
https://tools.ietf.org/html/rfc5803.
This is mentioned in the comments of auth-scram.c. Do you think that
mentioning that in this paragraph of this doc would be useful? We could
for example append "as defined in RFC 5803" in the last sentence.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Doc comments form | 2018-08-21 09:17:35 | Global dict name is listed inconsistently |
| Previous Message | Richard Hector | 2018-08-20 01:35:56 | password storage docs |