Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1coLwz-0002Fe-Hc for pgsql-hackers@arkaria.postgresql.org; Thu, 16 Mar 2017 03:19:41 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84_2) (envelope-from ) id 1coLwz-0003AE-2b for pgsql-hackers@arkaria.postgresql.org; Thu, 16 Mar 2017 03:19:41 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1coLwx-00039H-VK for pgsql-hackers@postgresql.org; Thu, 16 Mar 2017 03:19:40 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.84_2) (envelope-from ) id 1coLwt-0002U2-FM for pgsql-hackers@postgresql.org; Thu, 16 Mar 2017 03:19:38 +0000 Received: from bruce by momjian.us with local (Exim 4.84_2) (envelope-from ) id 1coLwq-00082Q-Fr; Wed, 15 Mar 2017 23:19:32 -0400 Date: Wed, 15 Mar 2017 23:19:32 -0400 From: Bruce Momjian To: Craig Ringer Cc: Joe Conway , Michael Paquier , PostgreSQL mailing lists Subject: Re: Changing references of password encryption to hashing Message-ID: <20170316031932.GA30261@momjian.us> References: <036316d5-a707-3f26-2ad2-8a63a8ff3f5f@joeconway.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) X-Pg-Spam-Score: -1.9 (-) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-hackers Precedence: bulk Sender: pgsql-hackers-owner@postgresql.org On Mon, Mar 13, 2017 at 04:48:21PM +0800, Craig Ringer wrote: > On 12 March 2017 at 06:51, Joe Conway wrote: > > > My opinion is that the user visible aspects of this should be deprecated > > and correct syntax provided. But perhaps that is overkill. > > FWIW, in my experience, pretty much nobody understands the pretty > tangled behaviour of "WITH [ENCRYPTED] PASSWORD", you have to > understand the fact table of: > > * ENCRYPTED, UNENCRYPTED or neither set > * password_encryption GUC on or off > * password begins / doesn't begin with fixed string 'md5' > > to fully know what will happen. > > Then of course, you have to understand how all this interacts with > pg_hba.conf's 'password' and 'md5' options. > > It's a right mess. Since our catalogs don't keep track of the hash > separately to the password text and use prefixes instead, and since we > need compatibility for dumps, it's hard to do a great deal about > though. With SCRAM coming in PG 10, is there anything we can do to clean this up for PG 10? -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers