| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Raising the SCRAM iteration count |
| Date: | 2023-03-07 04:53:00 |
| Message-ID: | ZAbDLGf7Xx8wlbij@paquier.xyz |
| Lists: | pgsql-hackers |
On Fri, Mar 03, 2023 at 11:13:36PM +0100, Daniel Gustafsson wrote:
> That would indeed be nice, but is there a way to do this without a complicated
> pump TAP expression? I was unable to think of a way but I might be missing
> something?

A SET command refreshes immediately the cache information of the
connection in pqSaveParameterStatus()@libpq, so a test in password.sql
with \password would be enough to check the computation happens in
pg_fe_scram_build_secret() with the correct iteration number. Say
like:

```
=# SET scram_iterations = 234;
SET
=# \password
Enter new password for user "postgres": TYPEME
Enter it again: TYPEME
=# select substr(rolpassword, 1, 18) from pg_authid
     where oid::regrole::name = current_role;
       substr
--------------------
 SCRAM-SHA-256$234:
(1 row)
```

Or perhaps I am missing something?

Thanks,
--
Michael
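
The 18-character prefix checked in the message above is the start of the stored secret, `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`. The following sketch is an added example, not part of the original message and not PostgreSQL code: it builds a secret in that layout with the RFC 5802 key derivation, reads the iteration count back, and lists roles whose count is under a chosen minimum. The function names and sample rows are hypothetical, and SASLprep normalization is skipped on the assumption of an ASCII password.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "SCRAM-SHA-256"

def _keys(password, salt, iterations):
    # RFC 5802: SaltedPassword = Hi(password, salt, i), which is PBKDF2-HMAC.
    # Assumption: ASCII password, so SASLprep normalization is skipped.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return stored_key, server_key

def build_secret(password, iterations, salt=None):
    """Return a secret in the textual layout stored in rolpassword."""
    salt = os.urandom(16) if salt is None else salt
    stored_key, server_key = _keys(password, salt, iterations)
    enc = lambda raw: base64.b64encode(raw).decode()
    return f"{SCHEME}${iterations}:{enc(salt)}${enc(stored_key)}:{enc(server_key)}"

def parse_secret(secret):
    """Split a secret into (iterations, salt, stored_key, server_key)."""
    # Standard base64 never contains '$' or ':', so plain splits are safe.
    scheme, params, keys = secret.split("$")
    if scheme != SCHEME:
        raise ValueError("not a SCRAM-SHA-256 secret")
    iterations, salt = params.split(":")
    stored_key, server_key = keys.split(":")
    dec = base64.b64decode
    return int(iterations), dec(salt), dec(stored_key), dec(server_key)

def verify_password(secret, password):
    """Recompute StoredKey with the secret's own salt and iteration count."""
    iterations, salt, stored_key, _ = parse_secret(secret)
    candidate, _ = _keys(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_key)

def below_minimum(rows, minimum):
    """Role names whose stored iteration count is under the given minimum."""
    return sorted(r for r, s in rows.items() if parse_secret(s)[0] < minimum)

# Constructed sample rows standing in for (rolname, rolpassword) pairs.
SAMPLE_ROWS = {
    "postgres": build_secret("TYPEME", 234),
    "app_user": build_secret("TYPEME", 4096),
}
```
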