Home > mailing lists

Re: [HACKERS] scram and \password - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: [HACKERS] scram and \password
Date	May 2, 2017 22:47:33
Msg-id	CA+TgmoZ1oCu6pdRaj4sexaSPUooLcgRzrwd6qMV-SB7JsqTAmQ@mail.gmail.com Whole thread Raw
In response to	Re: [HACKERS] scram and \password (Heikki Linnakangas <hlinnaka@iki.fi>)
Responses	Re: [HACKERS] scram and \password (Heikki Linnakangas <hlinnaka@iki.fi>)
List	pgsql-hackers

Tree view

On Tue, May 2, 2017 at 3:42 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> There's going to be a default, one way or another. The default is going to
> come from password_encryption, or it's going to be a hard-coded value or
> logic based on server-version in PQencryptPasswordConn(). Or it's going to
> be a hard-coded value or logic implemented in every application that uses
> PQencryptPasswordConn(). I think looking at password_encryption makes the
> most sense. The application is not in a good position to make the decision,
> and forcing the end-user to choose every time they change a password is too
> onerous.

I think there should be no default, and the caller should have to pass
the algorithm explicitly.  If they want to determine what default to
pass by running 'SHOW password_encryption', that's their choice.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Vladimir Borodin
Date: 02 May 2017, 22:37:44
Subject: Re: [HACKERS] [PROPOSAL] Use SnapshotAny in get_actual_variable_range

From: Corey Huinker
Date: 02 May 2017, 22:51:35
Subject: Re: [HACKERS] CTE inlining

Re: [HACKERS] scram and \password - Mailing list pgsql-hackers

Previous

Next