Re: CREATE/ALTER ROLE PASSWORD ('value' USING 'method')

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: CREATE/ALTER ROLE PASSWORD ('value' USING 'method')
Date: 2017-03-09 12:59:09
Message-ID: CAB7nPqQjhY7f9Gsg6wp3yjOos7k5eOxP+zB0ZuW7YMh1P8dTYw@mail.gmail.com
Lists: pgsql-hackers

On Thu, Mar 9, 2017 at 1:17 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 03/07/2017 08:29 PM, Tom Lane wrote:
>> Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
>>> here is a separate thread dedicated to the following extension for
>>> CREATE/ALTER ROLE: PASSWORD ('value' USING 'method').
>>
>> The parentheses seem weird ... do we really need those?
>
> +1

Seeing 3 opinions in favor of that, let's do so then. I have updated
the patch to not use parentheses.

>> + If you do not plan to use password authentication you can omit this
>> + option. The methods supported are <literal>md5</> to enforce a password
>> + to be MD5-encrypted, <literal>scram</> for a SCRAM-encrypted password
>> + and <literal>plain</> for an unencrypted password. If the password
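
Review bot: In the sentence listing the methods, md5 and scram are described as "MD5-encrypted" and "SCRAM-encrypted" while plain is "for an unencrypted password", so the text frames the choice as encrypted versus unencrypted when the first two are hashes and the third keeps the password as given. Suggest "MD5-hashed" and "SCRAM-hashed", wording such as "stored without hashing" for plain, and a sentence saying which method is recommended. The phrase "to enforce a password to be MD5-encrypted" would also read better as "to store the password as an MD5 hash".
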
>
> Can we please stop calling this encryption? What is being done is a form
> of cryptographic hashing, not encryption.

Yes, I agree with that for MD5, and after looking around I can see
(like here http://prosody.im/doc/plain_or_hashed) as well that
SCRAM-hashed is used. Now, there are as well references to the salt,
like in protocol.sgml:
"The salt to use when encrypting the password."
Joe, do you think that in this case using the term "hashing" would be
more appropriate? I would think so as we use it to hash the password.

The patch attached removes the parentheses for this grammar, and uses
"hashed" instead of "encrypted" for the new documentation. For the
existing documentation, perhaps we had better just spawn a new thread,
but I am unsure of all the details yet. Opinions welcome.
--
Michael

Attachment: 0001-Add-clause-PASSWORD-val-USING-protocol-to-CREATE-ALT.patch (application/octet-stream, 12.8 KB)
