| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org, github(at)marco(dot)sulla(dot)e4ward(dot)com |
| Subject: | Re: BUG #15911: Why no Bcrypt in pg_hba.conf? |
| Date: | 2019-07-16 18:10:42 |
| Message-ID: | 9218.1563300642@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> writes:
> "PG" == PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> PG> Can you please add `bcrypt` as method option?
> Not unless it gets added to the SCRAM specification.
> Note that our primary goal here is to provide a secure and standard
> challenge-response authentication mechanism, not to provide random
> alternate algorithms for password storage.
Worth noting here is that for us, the price of an additional
authentication mechanism is very high, because it's not just a matter
of adding some code to the server. Client-side libraries also need to
be taught about it, and most of those are not maintained by the core
PG project. So it takes years to make anything happen --- the
addition of SCRAM is still a work in progress, for example.
Thus, we aren't going to add stuff on a whim, and when we do add some
new mechanism, there has to be a really solid argument that it's a
*significant* advance over what we have.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2019-07-16 18:25:54 | Re: ERROR: found unexpected null value in index |
| Previous Message | PG Bug reporting form | 2019-07-16 17:49:14 | BUG #15913: Could not open relation with oid on PL/pgSQL method referencing temporary table that got recreated |