Home > mailing lists

Re: User functions for building SCRAM secrets - Mailing list pgsql-hackers

From	Jacob Champion
Subject	Re: User functions for building SCRAM secrets
Date	November 11, 2022 00:07:42
Msg-id	CAAWbhmhQUpQnSSFPr5+tp3uK9R1HF2H733cgwHjq1wcv6JC4Og@mail.gmail.com Whole thread Raw
In response to	Re: User functions for building SCRAM secrets (Michael Paquier <michael@paquier.xyz>)
List	pgsql-hackers

Tree view

On Tue, Nov 8, 2022 at 9:28 PM Michael Paquier <michael@paquier.xyz> wrote:
> On Tue, Nov 08, 2022 at 04:57:09PM -0800, Jacob Champion wrote:
> > But I guess that wouldn't really help with ALTER ROLE ... PASSWORD,
> > because you can't parameterize it. Hm...
>
> Yeah, and I'd like to think that this is never something we should
> allow, either, as that could be easily a footgun for users (?).

What would make it unsafe? I don't know a lot about the tradeoffs for
parameterizing queries.

--Jacob

pgsql-hackers by date:

From: "David E. Wheeler"
Date: 10 November 2022, 23:55:53
Subject: JSONPath Child Operator?

From: Peter Geoghegan
Date: 11 November 2022, 02:09:23
Subject: Re: Call lazy_check_wraparound_failsafe earlier for parallel vacuum

Re: User functions for building SCRAM secrets - Mailing list pgsql-hackers

Previous

Next