public inbox for [email protected]
help / color / mirror / Atom feedCREATE/ALTER ROLE with NULL password
6+ messages / 3 participants
[nested] [flat]
* CREATE/ALTER ROLE with NULL password
@ 2018-11-21 19:36 PG Doc comments form <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: PG Doc comments form @ 2018-11-21 19:36 UTC (permalink / raw)
To: [email protected]; +Cc: [email protected]
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/11/sql-alterrole.html
Description:
When creating a role with no password, or altering a role to remove its
password, the ENCRYPTED clause must not be present.
The current synopsis for CREATE / ALTER ROLE give one of the allowed options
as:
[ ENCRYPTED ] PASSWORD 'password'
and the current documentation for CREATE ROLE says:
"The ENCRYPTED keyword has no effect, but is accepted for backwards
compatibility."
I think it might be worth explicitly specifying the password-blanking form
for both commands as a new option in their synopses, e.g.:
"
CREATE ROLE name [ [ WITH ] option [ ... ] ]
where option can be:
SUPERUSER | NOSUPERUSER
| CREATEDB | NOCREATEDB
...
| [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
...
"
Also, there is inconsistency of quoting of 'password' in the synopsis for
CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no
quotes).
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: CREATE/ALTER ROLE with NULL password
@ 2018-11-22 02:07 Michael Paquier <[email protected]>
parent: PG Doc comments form <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: Michael Paquier @ 2018-11-22 02:07 UTC (permalink / raw)
To: [email protected]; [email protected]
On Wed, Nov 21, 2018 at 07:36:59PM +0000, PG Doc comments form wrote:
> The current synopsis for CREATE / ALTER ROLE give one of the allowed options
> as:
> [ ENCRYPTED ] PASSWORD 'password'
> and the current documentation for CREATE ROLE says:
> "The ENCRYPTED keyword has no effect, but is accepted for backwards
> compatibility."
The grammar is still supported, so keeping it documented has no actual
problems until it gets removed, if that happens. Keeping it is not a
real maintenance burden either.
> I think it might be worth explicitly specifying the password-blanking form
> for both commands as a new option in their synopses, e.g.:
>
> "
> CREATE ROLE name [ [ WITH ] option [ ... ] ]
>
> where option can be:
>
> SUPERUSER | NOSUPERUSER
> | CREATEDB | NOCREATEDB
> ...
> | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
> ...
> "
Yes, that the set of grammar combination supported, as ENCRYPTED
PASSWORD NULL is not possible.
> Also, there is inconsistency of quoting of 'password' in the synopsis for
> CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no
> quotes).
Agreed, this should have quotes for consistency. Any objections with
the attached set of fixes from anybody?
--
Michael
Attachments:
[text/x-diff] create-role-null-quotes.patch (4.6K, 2-create-role-null-quotes.patch)
download | inline diff:
diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml
index 573a3e80f7..dbf258ef50 100644
--- a/doc/src/sgml/ref/alter_role.sgml
+++ b/doc/src/sgml/ref/alter_role.sgml
@@ -33,7 +33,7 @@ ALTER ROLE <replaceable class="parameter">role_specification</replaceable> [ WIT
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT <replaceable class="parameter">connlimit</replaceable>
- | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>'
+ | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>' | PASSWORD NULL
| VALID UNTIL '<replaceable class="parameter">timestamp</replaceable>'
ALTER ROLE <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
@@ -168,7 +168,8 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A
<term><literal>BYPASSRLS</literal></term>
<term><literal>NOBYPASSRLS</literal></term>
<term><literal>CONNECTION LIMIT</literal> <replaceable class="parameter">connlimit</replaceable></term>
- <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> <replaceable class="parameter">password</replaceable></term>
+ <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> '<replaceable class="parameter">password</replaceable>'</term>
+ <term><literal>PASSWORD NULL</literal></term>
<term><literal>VALID UNTIL</literal> '<replaceable class="parameter">timestamp</replaceable>'</term>
<listitem>
<para>
diff --git a/doc/src/sgml/ref/alter_user.sgml b/doc/src/sgml/ref/alter_user.sgml
index 8f50f43089..6769c8ecc4 100644
--- a/doc/src/sgml/ref/alter_user.sgml
+++ b/doc/src/sgml/ref/alter_user.sgml
@@ -33,7 +33,7 @@ ALTER USER <replaceable class="parameter">role_specification</replaceable> [ WIT
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT <replaceable class="parameter">connlimit</replaceable>
- | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>'
+ | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>' | PASSWORD NULL
| VALID UNTIL '<replaceable class="parameter">timestamp</replaceable>'
ALTER USER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 9c3b6978af..db842732a8 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -33,7 +33,7 @@ CREATE ROLE <replaceable class="parameter">name</replaceable> [ [ WITH ] <replac
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT <replaceable class="parameter">connlimit</replaceable>
- | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>'
+ | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>' | PASSWORD NULL
| VALID UNTIL '<replaceable class="parameter">timestamp</replaceable>'
| IN ROLE <replaceable class="parameter">role_name</replaceable> [, ...]
| IN GROUP <replaceable class="parameter">role_name</replaceable> [, ...]
@@ -210,7 +210,8 @@ CREATE ROLE <replaceable class="parameter">name</replaceable> [ [ WITH ] <replac
</varlistentry>
<varlistentry>
- <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> <replaceable class="parameter">password</replaceable></term>
+ <term>[ <literal>ENCRYPTED</literal> ] <literal>PASSWORD</literal> '<replaceable class="parameter">password</replaceable>'</term>
+ <term><literal>PASSWORD NULL</literal></term>
<listitem>
<para>
Sets the role's password. (A password is only of use for
diff --git a/doc/src/sgml/ref/create_user.sgml b/doc/src/sgml/ref/create_user.sgml
index a51dc50c97..198e06e723 100644
--- a/doc/src/sgml/ref/create_user.sgml
+++ b/doc/src/sgml/ref/create_user.sgml
@@ -33,7 +33,7 @@ CREATE USER <replaceable class="parameter">name</replaceable> [ [ WITH ] <replac
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT <replaceable class="parameter">connlimit</replaceable>
- | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>'
+ | [ ENCRYPTED ] PASSWORD '<replaceable class="parameter">password</replaceable>' | PASSWORD NULL
| VALID UNTIL '<replaceable class="parameter">timestamp</replaceable>'
| IN ROLE <replaceable class="parameter">role_name</replaceable> [, ...]
| IN GROUP <replaceable class="parameter">role_name</replaceable> [, ...]
[application/pgp-signature] signature.asc (833B, 3-signature.asc)
download
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: CREATE/ALTER ROLE with NULL password
@ 2018-11-22 06:58 David G. Johnston <[email protected]>
parent: Michael Paquier <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: David G. Johnston @ 2018-11-22 06:58 UTC (permalink / raw)
To: Michael Paquier <[email protected]>; +Cc: [email protected] <[email protected]>; [email protected] <[email protected]>
On Wednesday, November 21, 2018, Michael Paquier <[email protected]>
wrote:
> Yes, that the set of grammar combination supported, as ENCRYPTED
> PASSWORD NULL is not possible.
>
> Any objections with
> the attached set of fixes from anybody?
>
Should tweak the paragraph to point out this exception as well.
The ENCRYPTED keyword has no effect, but is accepted for backwards
compatibility[, except in the PASSWORD NULL form.]
David J.
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: CREATE/ALTER ROLE with NULL password
@ 2018-11-22 07:58 Michael Paquier <[email protected]>
parent: David G. Johnston <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: Michael Paquier @ 2018-11-22 07:58 UTC (permalink / raw)
To: David G. Johnston <[email protected]>; +Cc: [email protected] <[email protected]>; [email protected] <[email protected]>
On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote:
> Should tweak the paragraph to point out this exception as well.
>
> The ENCRYPTED keyword has no effect, but is accepted for backwards
> compatibility[, except in the PASSWORD NULL form.]
The docs list the following with the patch as supported grammar:
[ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
And it seems to me that '|' has priority over '[]', so ENCRYPTED does
not apply to PASSWORD NULL if phrased this way.
--
Michael
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: CREATE/ALTER ROLE with NULL password
@ 2018-11-22 16:54 David G. Johnston <[email protected]>
parent: Michael Paquier <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: David G. Johnston @ 2018-11-22 16:54 UTC (permalink / raw)
To: Michael Paquier <[email protected]>; +Cc: [email protected] <[email protected]>; [email protected] <[email protected]>
On Thursday, November 22, 2018, Michael Paquier <[email protected]> wrote:
> On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote:
> > Should tweak the paragraph to point out this exception as well.
> >
> > The ENCRYPTED keyword has no effect, but is accepted for backwards
> > compatibility[, except in the PASSWORD NULL form.]
>
> The docs list the following with the patch as supported grammar:
> [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
> And it seems to me that '|' has priority over '[]', so ENCRYPTED does
> not apply to PASSWORD NULL if phrased this way.
>
>
Yes, the syntax block is perfectly clear but we still explain said grammer
in words and should be precise there as well, IMO. Not a big deal though.
David J.
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: CREATE/ALTER ROLE with NULL password
@ 2018-11-23 00:13 Michael Paquier <[email protected]>
parent: David G. Johnston <[email protected]>
0 siblings, 0 replies; 6+ messages in thread
From: Michael Paquier @ 2018-11-23 00:13 UTC (permalink / raw)
To: David G. Johnston <[email protected]>; +Cc: [email protected] <[email protected]>; [email protected] <[email protected]>
On Thu, Nov 22, 2018 at 09:54:07AM -0700, David G. Johnston wrote:
> On Thursday, November 22, 2018, Michael Paquier <[email protected]> wrote:
>> The docs list the following with the patch as supported grammar:
>> [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
>> And it seems to me that '|' has priority over '[]', so ENCRYPTED does
>> not apply to PASSWORD NULL if phrased this way.
>
> Yes, the syntax block is perfectly clear but we still explain said grammer
> in words and should be precise there as well, IMO. Not a big deal though.
Okay, thanks. I have committed the simplest version.
--
Michael
Attachments:
[application/pgp-signature] signature.asc (833B, 2-signature.asc)
download
^ permalink raw reply [nested|flat] 6+ messages in thread
end of thread, other threads:[~2018-11-23 00:13 UTC | newest]
Thread overview: 6+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2018-11-21 19:36 CREATE/ALTER ROLE with NULL password PG Doc comments form <[email protected]>
2018-11-22 02:07 ` Michael Paquier <[email protected]>
2018-11-22 06:58 ` David G. Johnston <[email protected]>
2018-11-22 07:58 ` Michael Paquier <[email protected]>
2018-11-22 16:54 ` David G. Johnston <[email protected]>
2018-11-23 00:13 ` Michael Paquier <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox