| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org> |
| Subject: | Re: User functions for building SCRAM secrets |
| Date: | 2022-11-09 00:57:09 |
| Message-ID: | 7176a80d-cae7-dfe2-d9db-862387b24243@timescale.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 11/8/22 12:26, Peter Eisentraut wrote:
> On 04.11.22 21:39, Jacob Champion wrote:
>> I don't think it's helpful for me to try to block progress on this
>> patchset behind the other one. But is there a way for me to help this
>> proposal skate in the same general direction? Could Peter's encryption
>> framework expand to fit this case in the future?
>
> We already have support in libpq for doing this (PQencryptPasswordConn()).
Sure, but you can't access that in SQL, right? The hand-wavy part is to
combine that existing function with your transparent encryption
proposal, as a special-case encryptor whose output could be bound to the
query.
But I guess that wouldn't really help with ALTER ROLE ... PASSWORD,
because you can't parameterize it. Hm...
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Justin Pryzby | 2022-11-09 01:04:37 | Re: Cygwin cleanup |
| Previous Message | Andres Freund | 2022-11-09 00:54:00 | Re: Slow standby snapshot |