Re: User functions for building SCRAM secrets - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: User functions for building SCRAM secrets
Date
Msg-id 7176a80d-cae7-dfe2-d9db-862387b24243@timescale.com
Whole thread Raw
In response to Re: User functions for building SCRAM secrets  (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
Responses Re: User functions for building SCRAM secrets
List pgsql-hackers
On 11/8/22 12:26, Peter Eisentraut wrote:
> On 04.11.22 21:39, Jacob Champion wrote:
>> I don't think it's helpful for me to try to block progress on this
>> patchset behind the other one. But is there a way for me to help this
>> proposal skate in the same general direction? Could Peter's encryption
>> framework expand to fit this case in the future?
> 
> We already have support in libpq for doing this (PQencryptPasswordConn()).

Sure, but you can't access that in SQL, right? The hand-wavy part is to
combine that existing function with your transparent encryption
proposal, as a special-case encryptor whose output could be bound to the
query.

But I guess that wouldn't really help with ALTER ROLE ... PASSWORD,
because you can't parameterize it. Hm...

--Jacob



pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: Slow standby snapshot
Next
From: Justin Pryzby
Date:
Subject: Re: Cygwin cleanup