Re: Possible to store invalid SCRAM-SHA-256 Passwords - Mailing list pgsql-bugs

From raf@raf.org
Subject Re: Possible to store invalid SCRAM-SHA-256 Passwords
Msg-id 20190422214924.pytigrzlq7mkdyzq@raf.org
In response to Re: Possible to store invalid SCRAM-SHA-256 Passwords  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Possible to store invalid SCRAM-SHA-256 Passwords  (Stephen Frost <sfrost@snowman.net>)
List pgsql-bugs
Stephen Frost wrote:

> I agree we should also handle md5 better.  I realize this needs to be
> back-patched and so we have to deal with the existing catalog structure,
> but this really screams out, in my mind anyway, that we shouldn't have
> ever tried to just stash the password-encoding-type into the password
> field and that we should have pulled it out into its own column, so that
> we aren't having to guess about things as important as a password.
> 
> Thanks!
> 
> Stephen

I don't think there's anything wrong with prefixing a
password hash with an identifier for the password
hashing scheme (and any parameters for that scheme).
This is done all the time in many systems. It just has
to be unambiguous.
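
Added example, not part of the original message and not PostgreSQL's own code: a classifier that accepts a scheme prefix only when the whole value parses as that scheme, which is what keeps a prefixed format unambiguous. The verifier layouts are assumed from the PostgreSQL documentation for `pg_authid.rolpassword`; the function names and sample values are constructed for illustration.

```python
import base64, binascii, hashlib, hmac, re

# Assumed layouts (PostgreSQL docs, pg_authid.rolpassword):
#   md5<32 hex digits>   (lowercase-only is this example's choice)
#   SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>   (base64 fields)
MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(
    r"SCRAM-SHA-256\$([1-9][0-9]*):([A-Za-z0-9+/=]+)"
    r"\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)")

def _b64(text):
    """Strict base64 decode; None if the field is not valid base64."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None

def classify_verifier(stored):
    """Return 'md5', 'scram-sha-256' or 'unrecognized'.

    'unrecognized' covers anything that merely starts with a scheme prefix;
    the caller must hash or reject it, never store it as a ready verifier.
    """
    if MD5_RE.fullmatch(stored):
        return "md5"
    m = SCRAM_RE.fullmatch(stored)
    if m:
        salt, stored_key, server_key = (_b64(f) for f in m.groups()[1:])
        # StoredKey and ServerKey are SHA-256 outputs: exactly 32 bytes each.
        if salt and stored_key and server_key \
                and len(stored_key) == 32 and len(server_key) == 32:
            return "scram-sha-256"
    return "unrecognized"

def build_scram_verifier(password, salt, iterations=4096):
    """Derive a verifier per RFC 5802 (no SASLprep: ASCII passwords only)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")

if __name__ == "__main__":
    samples = [  # constructed sample values
        build_scram_verifier("correct horse", b"constructed-salt"),
        "md5" + hashlib.md5(b"secretalice").hexdigest(),
        "SCRAM-SHA-256$4096:c2FsdA==$AAAA:AAAA",  # right prefix, short keys
        "md5-is-just-how-my-password-starts",
    ]
    for s in samples:
        print(f"{classify_verifier(s):>14}  {s[:40]}")
```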
