public inbox for [email protected]  
help / color / mirror / Atom feed
From: Alvaro Herrera <[email protected]>
To: Bernd Helmle <[email protected]>
Cc: Japin Li <[email protected]>
Cc: PostgreSQL Development <[email protected]>
Subject: Re: Modern SHA2- based password hashes for pgcrypto
Date: Tue, 14 Jan 2025 11:47:21 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>

Hello Bernd,

On 2025-Jan-14, Bernd Helmle wrote:

> > It's been said in my presence that pgcrypto is obsolete and
> > shouldn't be used anymore.  I'm not sure I believe that, but even if
> > that's true, it's clear that there's plenty of people who has an
> > interest on it, so I don't see that as an objection to reject this
> > work.  So let's move on.
> 
> Oh, that's news to me. Is there a plan for it somewhere? I agree that
> pgcrypto is widley used and needs a proper replacement when we decide
> to deprecate it.

I don't know about a plan, but
https://www.youtube.com/watch?v=pp6xdr3TuWM&t=1088s

> I originally thought about StringInfo but went with just the fixed
> length character buffers since we access them directly anyways (and the
> px_*/OpenSSL API needs char * ).

Note that you can access the char * via StringInfo->data.  Just don't
modify it without the StringInfo APIs.

> > Some of your elog(ERROR)s should probably be ereport(), and I'm not
> > sure we want all the elog(DEBUG1)s.
> 
> I added them during development. I am not married to them, but found
> them useful during testing. If we come to the conclusion they're not
> really that important, i drop them entirely.

Yeah, the DEBUGs are a pretty minor issue -- it's easy to remove them
afterwards.  For any actual error condition that's not a "can't happen"
one, please use ereport() for consistency.  (There's no translation
support for contrib, so they won't be translated anyway.)

-- 
Álvaro Herrera               48°01'N 7°57'E  —  https://www.EnterpriseDB.com/
"No deja de ser humillante para una persona de ingenio saber
que no hay tonto que no le pueda enseñar algo." (Jean B. Say)






view thread (3+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Modern SHA2- based password hashes for pgcrypto
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox