Re: User functions for building SCRAM secrets

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: User functions for building SCRAM secrets
Date: 2023-04-13 23:14:07
Message-ID: ZDiMv+R3a+q/lpZA@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Apr 11, 2023 at 11:27:17AM +0200, Magnus Hagander wrote:
> Having the function always generate a random salt seems more
> reasonable though, and would perhaps be something that helps in some
> of the cases? It won't help with the password policy one, as it's too
> secure for that, but it would help with the postgres-is-the-client
> one?

While this is still hot.. Would it make sense to have a
scram_salt_length GUC to control the length of the salt used when
generating the SCRAM secret?
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2023-04-13 23:27:45 Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert
Previous Message Daniel Gustafsson 2023-04-13 23:09:55 Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert