Re: Possible to store invalid SCRAM-SHA-256 Passwords

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-bugs(at)lists(dot)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: Possible to store invalid SCRAM-SHA-256 Passwords
Date: 2019-04-22 23:55:34
Message-ID: 434.1555977334@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

"Jonathan S. Katz" <jkatz(at)postgresql(dot)org> writes:
> I debated adding a test...without being able to simulate a log in, I
> don't know if it tests much other than "yes, you can store an invalid
> md5 hash and it treats it as plaintext."

You could probably build something using TAP testing, cf
src/test/authentication/t/001_password.pl

But I really doubt it's worth the trouble ...

regards, tom lane

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Michael Paquier 2019-04-23 00:06:19 Re: Possible to store invalid SCRAM-SHA-256 Passwords
Previous Message Jonathan S. Katz 2019-04-22 23:36:45 Re: Possible to store invalid SCRAM-SHA-256 Passwords