public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Craig Ringer <[email protected]>
Cc: Joe Conway <[email protected]>
Cc: Michael Paquier <[email protected]>
Cc: PostgreSQL mailing lists <[email protected]>
Subject: Re: Changing references of password encryption to hashing
Date: Wed, 15 Mar 2017 23:19:32 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAMsr+YHDYyc4Kzxf5JtBHq5NimW3LtkRAuU5hecQhR6DG82KoA@mail.gmail.com>
References: <CAB7nPqR82_57C8O1+z-bUChhHpdjMec_omLfKwYdjAFjjcrBWg@mail.gmail.com>
<[email protected]>
<CAMsr+YHDYyc4Kzxf5JtBHq5NimW3LtkRAuU5hecQhR6DG82KoA@mail.gmail.com>
List-Unsubscribe: <mailto:[email protected]?body=unsub%20pgsql-hackers>
On Mon, Mar 13, 2017 at 04:48:21PM +0800, Craig Ringer wrote:
> On 12 March 2017 at 06:51, Joe Conway <[email protected]> wrote:
>
> > My opinion is that the user visible aspects of this should be deprecated
> > and correct syntax provided. But perhaps that is overkill.
>
> FWIW, in my experience, pretty much nobody understands the pretty
> tangled behaviour of "WITH [ENCRYPTED] PASSWORD", you have to
> understand the fact table of:
>
> * ENCRYPTED, UNENCRYPTED or neither set
> * password_encryption GUC on or off
> * password begins / doesn't begin with fixed string 'md5'
>
> to fully know what will happen.
>
> Then of course, you have to understand how all this interacts with
> pg_hba.conf's 'password' and 'md5' options.
>
> It's a right mess. Since our catalogs don't keep track of the hash
> separately to the password text and use prefixes instead, and since we
> need compatibility for dumps, it's hard to do a great deal about
> though.
With SCRAM coming in PG 10, is there anything we can do to clean this up
for PG 10?
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
view thread (9+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Changing references of password encryption to hashing
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox