From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: Possible to store invalid SCRAM-SHA-256 Passwords |
Date: | 2019-04-23 00:06:19 |
Message-ID: | 20190423000619.GD2712@paquier.xyz |
Lists: | pgsql-bugs |

On Mon, Apr 22, 2019 at 09:52:15AM -0400, Stephen Frost wrote:
> I recall having exactly that debate when SCRAM was being worked on and
> the push-back basically being that it was more work and we'd have to
> have additional syntax for ALTER USER, et al. I wish I had had more
> time to spend on that discussion. Water under the bridge now, but
> hopefully we learn from this and maybe someone refactors how this works
> sometime soon (or, at least, whenever we add the next password
> encoding).

I am not sure that this would have been more work for ALTER TABLE as
we could have relied on just password_encryption to do the work as we
do now. The reluctance was to have more additional columns in
pg_authid as far as I recall, and I sided with having a separate
catalog, and more independent verifier type checks in the catalogs, as
you may recall, which would have also eased password rollups for a
given role.

--
Michael