From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
Subject: | Re: Implementation of SASLprep for SCRAM-SHA-256 |
Date: | 2017-03-31 07:10:03 |
Message-ID: | CAB7nPqS1ZToxhUU=9oxpo4J_My9+DM6LiP4KhEFQBw5DW6ywxQ@mail.gmail.com |
Lists: | pgsql-hackers |
On Wed, Mar 8, 2017 at 10:39 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Tue, Mar 7, 2017 at 10:01 PM, Michael Paquier
> <michael(dot)paquier(at)gmail(dot)com> wrote:
>> This way, we can be sure that two UTF-8 strings are considered as
>> equivalent in a SASL exchange, in our case we care about the password
>> string (we should care about the username as well). Without SASLprep,
>> our implementation of SCRAM may fail with other third-party tools if
>> passwords are not made only of ASCII characters. And that sucks.
>
> Agreed. I am not sure this quite rises to the level of a stop-ship
> issue; we could document the restriction.
I am not sure about that, what we have now on HEAD is still useful and
better than MD5.
> However, that's pretty ugly; it would be a whole lot better to get this fixed.
Agreed.
> I kinda hope Heikki is going to step up to the plate here, because I
> think he understands most of it already.
The second person who knows a good deal about NFKC is Ishii-san.
Attached is a rebased patch.
--
Michael
Attachment | Content-Type | Size |
---|---|---|
0001-Implement-SASLprep-aka-NFKC-for-SCRAM-authentication.patch.gz | application/x-gzip | 61.0 KB |
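
Added example, not part of the original message or the attached patch: a Python sketch of the RFC 4013 SASLprep steps, showing that the same non-ASCII password typed in two Unicode forms yields different SCRAM-SHA-256 salted passwords unless it is normalized first. The names `saslprep`, `salted_password`, `NFC`, `NFD` and `SALT`, the sample password, the salt and the iteration count of 4096 are assumptions made for the illustration.

```python
import hashlib
import stringprep
import unicodedata

# RFC 4013 section 2.3: code points that must not appear in the output.
PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)

def saslprep(s: str) -> str:
    """Prepare a stored string (password) per RFC 4013."""
    # Map: drop "mapped to nothing" (B.1), turn non-ASCII spaces (C.1.2) into U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in s if not stringprep.in_table_b1(c))
    # Normalize: NFKC, using the Unicode 3.2 data that stringprep is defined on.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    # Prohibit: reject prohibited and (for stored strings) unassigned code points.
    for c in out:
        if stringprep.in_table_a1(c) or any(f(c) for f in PROHIBITED):
            raise ValueError(f"prohibited code point U+{ord(c):04X}")
    # Bidi: a string with RandALCat chars must start and end with one, no LCat.
    if any(stringprep.in_table_d1(c) for c in out):
        if (any(stringprep.in_table_d2(c) for c in out)
                or not stringprep.in_table_d1(out[0])
                or not stringprep.in_table_d1(out[-1])):
            raise ValueError("bidi rule violated")
    return out

def salted_password(password: str, salt: bytes, iterations: int = 4096,
                    prep: bool = True) -> bytes:
    """SCRAM SaltedPassword = Hi(Normalize(password), salt, i), Hi being PBKDF2."""
    pw = saslprep(password) if prep else password
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)

# Constructed sample data: one password typed two ways, and a made-up salt.
NFC = "caf\u00e9"    # precomposed e-acute
NFD = "cafe\u0301"   # "e" followed by combining acute accent
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    for label, prep in (("raw bytes", False), ("SASLprep", True)):
        same = salted_password(NFC, SALT, prep=prep) == salted_password(NFD, SALT, prep=prep)
        print(f"{label}: same SaltedPassword for both forms = {same}")
```
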