public inbox for [email protected]  
From: Sehrope Sarkuni <[email protected]>
To: [email protected]
Subject: [pgjdbc/pgjdbc] eae5e6: feat: Add PasswordUtil and PGConnection.alterUserP...
Date: Tue, 02 Jan 2024 19:18:23 -0800
Message-ID: <pgjdbc/pgjdbc/push/refs/heads/master/[email protected]> (raw)

  Branch: refs/heads/master
  Home:   https://github.com/pgjdbc/pgjdbc
  Commit: eae5e613641be1cb9aba13f454ae5fc63f8ed55a
      https://github.com/pgjdbc/pgjdbc/commit/eae5e613641be1cb9aba13f454ae5fc63f8ed55a
  Author: Sehrope Sarkuni <[email protected]>
  Date:   2024-01-02 (Tue, 02 Jan 2024)

  Changed paths:
    M CHANGELOG.md
    M pgjdbc/src/main/java/org/postgresql/PGConnection.java
    M pgjdbc/src/main/java/org/postgresql/util/MD5Digest.java
    A pgjdbc/src/main/java/org/postgresql/util/PasswordUtil.java
    A pgjdbc/src/test/java/org/postgresql/test/util/PasswordUtilTest.java
    M pgjdbc/src/testFixtures/java/org/postgresql/test/TestUtil.java

  Log Message:
  -----------
  feat: Add PasswordUtil and PGConnection.alterUserPassword(...) for encrypting passwords client side

Add a PasswordUtil helper that provides methods for encoding a given password client
side so that it may be used for ALTER USER and CREATE USER statements without sending
the plaintext password over the wire.

Also adds a helper to PGConnection that generates the ALTER USER command necessary to
update a user's password and executes it.

The helpers default to encoding the password using SCRAM-SHA-256 if used directly or using the
server's default password_encryption setting if used via the PGConnection helper.

Co-authored-by: Sehrope Sarkuni <[email protected]>
Co-authored-by: Dave Cramer <[email protected]>


  Commit: f2492112e9ba2f72df417e456742df51533852f0
      https://github.com/pgjdbc/pgjdbc/commit/f2492112e9ba2f72df417e456742df51533852f0
  Author: Sehrope Sarkuni <[email protected]>
  Date:   2024-01-02 (Tue, 02 Jan 2024)

  Changed paths:
    M .github/workflows/matrix.js

  Log Message:
  -----------
  test: Force use of /dev/urandom in CI as source for java.security.egd

Force use of /dev/urandom as the source of entropy for the internal state of the secure
RNG by setting java.security.egd. This is needed to prevent a poorly configured runner
from draining its entropy by using the default of /dev/random. This is not needed on
modern kernels as they do not block after boot. However, it may be required for older
kernels that will otherwise refuse to return back random bits unless they think they
have enough tracked entropy in /dev/random. Specifically, this corrects an issue with
one of the hosted CI runners that was hanging fetching bytes from SecureRandom.


Compare: https://github.com/pgjdbc/pgjdbc/compare/0b0f4ce6ed89...f2492112e9ba





