| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | John R Pierce <pierce(at)hogranch(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Not storing MD5 hashed passwords |
| Date: | 2015-10-15 03:09:17 |
| Message-ID: | CAMkU=1z+hYx9m_3cQ10PUN-8GohnS6rER2V=DiBoJDD6rotaPQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Oct 14, 2015 at 5:49 PM, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
wrote:
> On Thu, Oct 15, 2015 at 7:19 AM, Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
> > On Wed, Oct 14, 2015 at 1:41 PM, John R Pierce <pierce(at)hogranch(dot)com>
> wrote:
> >>
> >> On 10/14/2015 1:31 PM, Quiroga, Damian wrote:
> >>
> >>
> >>
> >> Does postgres support other (stronger) hashing algorithms than MD5 to
> >> store the database passwords at disk?
> >>
> >> If not, is there any plan to move away from MD5?
> > There are proposals to do so, the most advanced one I know of is with
> SCRAM.
> > But I don't think any of them have turned into actual plans yet.
>
> I would not be so sure, I heard of a patch regarding that for 9.6:
> https://commitfest.postgresql.org/6/320/
Right, that is the proposal I was thinking of. I didn't think it had
enough community consensus yet on that specific design to promote it to a
"plan", though, rather than a proposal. I feel a bit guilty about not
having done more to review it, but it is a pretty intimidating thing to
review for someone not already an expert in the field.
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John Leiseboer | 2015-10-15 05:38:13 | How to get the session user in a C user defined function |
| Previous Message | Tiger Nassau | 2015-10-15 01:57:47 | Re: using postgresql for session |