Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1gPePe-0001Kw-4L
	for pgsql-docs@arkaria.postgresql.org; Thu, 22 Nov 2018 02:08:14 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1gPePc-000506-E3
	for pgsql-docs@arkaria.postgresql.org; Thu, 22 Nov 2018 02:08:12 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <michael@paquier.xyz>)
	id 1gPePb-0004zz-Pw
	for pgsql-docs@lists.postgresql.org; Thu, 22 Nov 2018 02:08:12 +0000
Received: from out4-smtp.messagingengine.com ([66.111.4.28])
	by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <michael@paquier.xyz>)
	id 1gPePZ-0002aq-2M
	for pgsql-docs@lists.postgresql.org; Thu, 22 Nov 2018 02:08:11 +0000
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
	by mailout.nyi.internal (Postfix) with ESMTP id AEA3222357;
	Wed, 21 Nov 2018 21:08:07 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
  by compute4.internal (MEProxy); Wed, 21 Nov 2018 21:08:07 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h=
	date:from:to:subject:message-id:references:mime-version
	:content-type:in-reply-to; s=fm3; bh=yDnn68H57gt23O7Toib37Rat94H
	bL1jQcg3GbrHHYnY=; b=uUyQ1vNmoBcYueoJHS1BVRBmUX1PTTRJ4K+R2AhruaM
	m2Dorrht57oGH8POMoe+XcfCRVaZ9+OgF33Eq1PThk1CHKHs6NeRdPQK0STUYoHn
	gxzq2nq6kYMP80NWhg8ExowwCEXC9ZJx0roj5m8Zl/zG8m7mcUtvKSqFSsfOzu7G
	PqXlvQlztsyyxOklIQHCkxzZ1o5Dwh8g8kVcMO6Qtnd7W9BJ4fVwYACySbEp0aDC
	6kcWQIM+C5Uv0VSOSYl2TxBSI/ITwr0fMK68MRV1qkR17D0jAVfrmGdVoJi9jA54
	75Pc/ytj5M0/NUYCO0dFSh8LL3KeFB8CndaWtwYbgNQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=content-type:date:from:in-reply-to
	:message-id:mime-version:references:subject:to:x-me-proxy
	:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=yDnn68
	H57gt23O7Toib37Rat94HbL1jQcg3GbrHHYnY=; b=ixypdOwkXox5hNAZv+lmlt
	vSOXw1J4BTSbnjxnwqnznQAsiSDAsHYQ1AHASyTtxhx/ymkrXGGU42rB6o2Lm3VF
	t1PNNwyrAatlCGry2QNYvuvaShV0JPFuGMm6gY+vNb0tFj4uM/1oYqVpQRSlpK5k
	IV/K84b6wRccHkk1lS/CuWsVlqIVcRvy8NysPNY3xKXOuFQWWvAVWaYL1G9l7tgk
	XJvnefktlOaioz8d/d7C5HEy84ZLLtVo2vM1HZ34iLLP1xS9ldjJbyjCNkMPo1dK
	K1RlQ8nw7qG4XN52Wo+L+jvnLWctQ3lz31gqssm7uYMZItbMSaPtXA2H7xxmoioA
	==
X-ME-Sender: <xms:hw_2W_IHUL4fmMr2gWxEO25pji_DEsMLYTxDggIQ9LY7RYVO8BcMlA>
X-ME-Proxy: <xmx:hw_2W24WOLU7X9P0Fd0uSp5VQ7wL2_X8q-Z-x8AoJdIfwUCbIZUibw>
    <xmx:hw_2W9essiOER6eNyuNnnvAW5dAMm8flR4RxS2BR3ZmTw8g9t4P7hQ>
    <xmx:hw_2W-_SJRptlXxgutG2798-oj-EEff9qXs5KHaPW48jrZSORb3FmA>
    <xmx:hw_2W8GVwHpezfCCA86vHS7GJ1h_O37ppCJNW2Xx95XUKSM57naJ-g>
    <xmx:hw_2W5pWZWDYLd3AwkhPjuFa6XAguTgh7XS6GrC4OcWcliYaAkRngA>
    <xmx:hw_2W8AEG7jCVSWaOy7CLZlAGSmAUT8LJct23ZlTCirmOpDojsdYaw>
Received: from paquier.xyz (mp76f1fb0d.ap.nuro.jp [118.241.251.13])
	by mail.messagingengine.com (Postfix) with ESMTPA id B2044102A0;
	Wed, 21 Nov 2018 21:08:04 -0500 (EST)
Date: Thu, 22 Nov 2018 11:07:59 +0900
From: Michael Paquier <michael@paquier.xyz>
To: steven.winfield@cantabcapital.com, pgsql-docs@lists.postgresql.org
Subject: Re: CREATE/ALTER ROLE with NULL password
Message-ID: <20181122020759.GE3369@paquier.xyz>
References: <154282901979.1316.7418475422120496802@wrigleys.postgresql.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="CXFpZVxO6m2Ol4tQ"
Content-Disposition: inline
In-Reply-To: <154282901979.1316.7418475422120496802@wrigleys.postgresql.org>
List-Id: <pgsql-docs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-docs@lists.postgresql.org>
List-Owner: <mailto:pgsql-docs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-docs>
Precedence: bulk


--CXFpZVxO6m2Ol4tQ
Content-Type: multipart/mixed; boundary="//IivP0gvsAy3Can"
Content-Disposition: inline


--//IivP0gvsAy3Can
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Nov 21, 2018 at 07:36:59PM +0000, PG Doc comments form wrote:
> The current synopsis for CREATE / ALTER ROLE give one of the allowed opti=
ons
> as:
> [ ENCRYPTED ] PASSWORD 'password'
> and the current documentation for CREATE ROLE says:
> "The ENCRYPTED keyword has no effect, but is accepted for backwards
> compatibility."

The grammar is still supported, so keeping it documented has no actual
problems until it gets removed, if that happens.  Keeping it is not a
real maintenance burden either.

> I think it might be worth explicitly specifying the password-blanking form
> for both commands as a new option in their synopses, e.g.:
>=20
> "
> CREATE ROLE name [ [ WITH ] option [ ... ] ]
>=20
> where option can be:
>=20
>       SUPERUSER | NOSUPERUSER
>     | CREATEDB | NOCREATEDB
>     ...
>     | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
>     ...
> "

Yes, that the set of grammar combination supported, as ENCRYPTED
PASSWORD NULL is not possible.

> Also, there is inconsistency of quoting of 'password' in the synopsis for
> CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (=
no
> quotes).

Agreed, this should have quotes for consistency.  Any objections with
the attached set of fixes from anybody?
--
Michael

--//IivP0gvsAy3Can
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="create-role-null-quotes.patch"
Content-Transfer-Encoding: quoted-printable

diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role=
=2Esgml
index 573a3e80f7..dbf258ef50 100644
--- a/doc/src/sgml/ref/alter_role.sgml
+++ b/doc/src/sgml/ref/alter_role.sgml
@@ -33,7 +33,7 @@ ALTER ROLE <replaceable class=3D"parameter">role_specific=
ation</replaceable> [ WIT
     | REPLICATION | NOREPLICATION
     | BYPASSRLS | NOBYPASSRLS
     | CONNECTION LIMIT <replaceable class=3D"parameter">connlimit</replace=
able>
-    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>'
+    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>' | PASSWORD NULL
     | VALID UNTIL '<replaceable class=3D"parameter">timestamp</replaceable=
>'
=20
 ALTER ROLE <replaceable class=3D"parameter">name</replaceable> RENAME TO <=
replaceable>new_name</replaceable>
@@ -168,7 +168,8 @@ ALTER ROLE { <replaceable class=3D"parameter">role_spec=
ification</replaceable> | A
       <term><literal>BYPASSRLS</literal></term>
       <term><literal>NOBYPASSRLS</literal></term>
       <term><literal>CONNECTION LIMIT</literal> <replaceable class=3D"para=
meter">connlimit</replaceable></term>
-      <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> <=
replaceable class=3D"parameter">password</replaceable></term>
+      <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> '=
<replaceable class=3D"parameter">password</replaceable>'</term>
+      <term><literal>PASSWORD NULL</literal></term>
       <term><literal>VALID UNTIL</literal> '<replaceable class=3D"paramete=
r">timestamp</replaceable>'</term>
       <listitem>
        <para>
diff --git a/doc/src/sgml/ref/alter_user.sgml b/doc/src/sgml/ref/alter_user=
=2Esgml
index 8f50f43089..6769c8ecc4 100644
--- a/doc/src/sgml/ref/alter_user.sgml
+++ b/doc/src/sgml/ref/alter_user.sgml
@@ -33,7 +33,7 @@ ALTER USER <replaceable class=3D"parameter">role_specific=
ation</replaceable> [ WIT
     | REPLICATION | NOREPLICATION
     | BYPASSRLS | NOBYPASSRLS
     | CONNECTION LIMIT <replaceable class=3D"parameter">connlimit</replace=
able>
-    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>'
+    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>' | PASSWORD NULL
     | VALID UNTIL '<replaceable class=3D"parameter">timestamp</replaceable=
>'
=20
 ALTER USER <replaceable class=3D"parameter">name</replaceable> RENAME TO <=
replaceable>new_name</replaceable>
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_ro=
le.sgml
index 9c3b6978af..db842732a8 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -33,7 +33,7 @@ CREATE ROLE <replaceable class=3D"parameter">name</replac=
eable> [ [ WITH ] <replac
     | REPLICATION | NOREPLICATION
     | BYPASSRLS | NOBYPASSRLS
     | CONNECTION LIMIT <replaceable class=3D"parameter">connlimit</replace=
able>
-    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>'
+    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>' | PASSWORD NULL
     | VALID UNTIL '<replaceable class=3D"parameter">timestamp</replaceable=
>'
     | IN ROLE <replaceable class=3D"parameter">role_name</replaceable> [, =
=2E..]
     | IN GROUP <replaceable class=3D"parameter">role_name</replaceable> [,=
 ...]
@@ -210,7 +210,8 @@ CREATE ROLE <replaceable class=3D"parameter">name</repl=
aceable> [ [ WITH ] <replac
      </varlistentry>
=20
      <varlistentry>
-      <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> <=
replaceable class=3D"parameter">password</replaceable></term>
+      <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> '=
<replaceable class=3D"parameter">password</replaceable>'</term>
+      <term><literal>PASSWORD NULL</literal></term>
       <listitem>
        <para>
         Sets the role's password.  (A password is only of use for
diff --git a/doc/src/sgml/ref/create_user.sgml b/doc/src/sgml/ref/create_us=
er.sgml
index a51dc50c97..198e06e723 100644
--- a/doc/src/sgml/ref/create_user.sgml
+++ b/doc/src/sgml/ref/create_user.sgml
@@ -33,7 +33,7 @@ CREATE USER <replaceable class=3D"parameter">name</replac=
eable> [ [ WITH ] <replac
     | REPLICATION | NOREPLICATION
     | BYPASSRLS | NOBYPASSRLS
     | CONNECTION LIMIT <replaceable class=3D"parameter">connlimit</replace=
able>
-    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>'
+    | [ ENCRYPTED ] PASSWORD '<replaceable class=3D"parameter">password</r=
eplaceable>' | PASSWORD NULL
     | VALID UNTIL '<replaceable class=3D"parameter">timestamp</replaceable=
>'
     | IN ROLE <replaceable class=3D"parameter">role_name</replaceable> [, =
=2E..]
     | IN GROUP <replaceable class=3D"parameter">role_name</replaceable> [,=
 ...]

--//IivP0gvsAy3Can--

--CXFpZVxO6m2Ol4tQ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAlv2D38ACgkQnvQgOdby
QH0faQ/+KFnaqEhjMhpSwijqtWvKR3w/eMbUYQI8tH4RRiHiDsbGcwGwdEfD8H/9
EzCNepI8lHZrm5iOGwrVJc5kf8q1bq6865gJKkJ7zuSSsYs05wOeikn5B9f9X0SN
nZXPCjHmgxruuflG3VKYV1g3APMG39eUqi4ETSRBhDmi8yv3qswGJkqPzC4lRqJh
qXD98U9z62UyG6vROMyf15kx+4lMh763gPwzRIWumU0cHYgNglG3qNJZHI0AHiFY
2IfwfGNqo3kPWixy/RKlYzo7sJWvJdLrLr3tZJO7cwiM7RECf/Oj8ie1sRGzc1FT
+BNzAOeUxmKxBWaShUxxkb1SUT5ZkY377zeZ2C5BBUAlODCJo4zaP6SkM+nNBrsg
gX93w7bLE6mKC1u9vbNMoBTMVppey4djDU0eBYGCQ/xmQqa5hi9HuInBfTu9jg/T
pHs9ifJmQamrtOgeDfrm/dUS5I4WTw3byuW7mwYQhG1Q2Ice3hkvD7h2CeZe7vN4
/kZEVZeO2uYo4xr1ifWlRQzoJ034JyyzM4DCtUxJ1rjJgUIJnBxufI45j8EoEbDY
pdWc8oVc3g/+Q6CeWeW4Ck+EeJk9sZxyBL6xS6vsl1BNuQTtL4BgbXhnr6wjp53g
nq97tpk5IGYF/dg0GuYp0dtMy97JdJj3/I2xskgdqsFsHKEDuXw=
=Ano7
-----END PGP SIGNATURE-----

--CXFpZVxO6m2Ol4tQ--