| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Subject: | Re: [PoC] Let libpq reject unexpected authentication requests |
| Date: | 2024-12-20 01:02:19 |
| Message-ID: | CAOYmi+kENFySPswKv70-8kBy8FnR2jKqvpznMeeqsALmngQKhg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> Please note that the CF entry has been marked as committed. We should
> really do something about having a cleaner separation between SASL,
> the mechanisms and the AUTH_REQ_* codes, in the long term, though
> honestly I don't know yet what would be the most elegant and the least
> error-prone approach. And for anything that touches authentication,
> simpler means better.
I've taken another shot at this over on the OAuth thread [1], for
those who are still interested; see v40-0002. It's more code than my
previous attempt, but I think it does a clearer job of separating the
two concerns.
Thanks,
--Jacob
[1] https://postgr.es/m/CAOYmi+=FzVg+C-pQHCwjW0qU-POHmzZaD2z3CdsACj==14H8kQ@mail.gmail.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-12-20 01:07:49 | Re: pure parsers and reentrant scanners |
| Previous Message | Jacob Champion | 2024-12-20 01:00:03 | Re: [PoC] Federated Authn/z with OAUTHBEARER |