Re: Possible to store invalid SCRAM-SHA-256 Passwords - Mailing list pgsql-bugs

From raf@raf.org
Subject Re: Possible to store invalid SCRAM-SHA-256 Passwords
Date
Msg-id 20190422214924.pytigrzlq7mkdyzq@raf.org
Whole thread Raw
In response to Re: Possible to store invalid SCRAM-SHA-256 Passwords  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Possible to store invalid SCRAM-SHA-256 Passwords
List pgsql-bugs
Stephen Frost wrote:

> I agree we should also handle md5 better.  I realize this needs to be
> back-patched and so we have to deal with the existing catalog structure,
> but this really screams out, in my mind anyway, that we shouldn't have
> ever tried to just stash the password-encoding-type into the password
> field and that we should have pulled it out into its own column, so that
> we aren't having to guess about things as important as a password.
> 
> Thanks!
> 
> Stephen

I don't think there's anything wrong with prefixing a
password hash with an identifier for the password
hashing scheme (and any parameters for that scheme).
This is done all the time in many systems. It just has
to be unambiguoous.




pgsql-bugs by date:

Previous
From: "Jonathan S. Katz"
Date:
Subject: Re: Possible to store invalid SCRAM-SHA-256 Passwords
Next
From: Peter Geoghegan
Date:
Subject: Re: amcheck assert failure