| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: User functions for building SCRAM secrets |
| Date: | 2023-04-13 23:27:46 |
| Message-ID: | 6E8F9D0D-2CFC-4DCF-B391-36BB3D9E9D40@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 14 Apr 2023, at 01:14, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
>
> On Tue, Apr 11, 2023 at 11:27:17AM +0200, Magnus Hagander wrote:
>> Having the function always generate a random salt seems more
>> reasonable though, and would perhaps be something that helps in some
>> of the cases? It won't help with the password policy one, as it's too
>> secure for that, but it would help with the postgres-is-the-client
>> one?
>
> While this is still hot.. Would it make sense to have a
> scram_salt_length GUC to control the length of the salt used when
> generating the SCRAM secret?
What would be the intended usecase? I don’t have the RFC handy, does it say anything about salt length?
./daniel
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2023-04-14 03:06:46 | Re: Should we remove vacuum_defer_cleanup_age? |
| Previous Message | Tom Lane | 2023-04-13 23:27:45 | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |