Home > mailing lists

Re: Possible to store invalid SCRAM-SHA-256 Passwords - Mailing list pgsql-bugs

From	Michael Paquier
Subject	Re: Possible to store invalid SCRAM-SHA-256 Passwords
Date	April 23, 2019 05:10:18
Msg-id	20190423021018.GF2712@paquier.xyz Whole thread Raw
In response to	Re: Possible to store invalid SCRAM-SHA-256 Passwords ("Jonathan S. Katz" <jkatz@postgresql.org>)
Responses	Re: Possible to store invalid SCRAM-SHA-256 Passwords (Michael Paquier <michael@paquier.xyz>)
List	pgsql-bugs

Tree view

On Mon, Apr 22, 2019 at 09:16:49PM -0400, Jonathan S. Katz wrote:
> +1; that's why I left the comparison in.
>
> (e.g. "md512345678901234567890123456789012zzz" would pass without strlen).

That's a hard morning...  Yes you are right and I can see the failure.
By the way, grouping everything in one patch looks more adapted to me
as this tightens all the checks for the different verifier types.
--
Michael

Attachment

signature.asc

pgsql-bugs by date:

From: Tom Lane
Date: 23 April 2019, 04:28:19
Subject: Re: Possible to store invalid SCRAM-SHA-256 Passwords

From: PG Bug reporting form
Date: 23 April 2019, 06:19:21
Subject: BUG #15775: pg_get_indexdef: could not open relation with OID 16385

Re: Possible to store invalid SCRAM-SHA-256 Passwords - Mailing list pgsql-bugs

Attachment

Previous

Next