Re: [HACKERS] CREATE/ALTER ROLE PASSWORD ('value' USING 'method') - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: [HACKERS] CREATE/ALTER ROLE PASSWORD ('value' USING 'method')
Date
Msg-id CAB7nPqQjhY7f9Gsg6wp3yjOos7k5eOxP+zB0ZuW7YMh1P8dTYw@mail.gmail.com
In response to Re: [HACKERS] CREATE/ALTER ROLE PASSWORD ('value' USING 'method')  (Joe Conway <mail@joeconway.com>)
Responses Re: [HACKERS] CREATE/ALTER ROLE PASSWORD ('value' USING 'method')  (Robert Haas <robertmhaas@gmail.com>)
Re: [HACKERS] CREATE/ALTER ROLE PASSWORD ('value' USING 'method')  (Jeff Janes <jeff.janes@gmail.com>)
List pgsql-hackers
On Thu, Mar 9, 2017 at 1:17 AM, Joe Conway <mail@joeconway.com> wrote:
> On 03/07/2017 08:29 PM, Tom Lane wrote:
>> Michael Paquier <michael.paquier@gmail.com> writes:
>>> here is a separate thread dedicated to the following extension for
>>> CREATE/ALTER ROLE: PASSWORD ('value' USING 'method').
>>
>> The parentheses seem weird ... do we really need those?
>
> +1

Seeing 3 opinions in favor of that, let's do so then. I have updated
the patch to not use parentheses.

>> +        If you do not plan to use password authentication you can omit this
>> +        option. The methods supported are <literal>md5</> to enforce a password
>> +        to be MD5-encrypted, <literal>scram</> for a SCRAM-encrypted password
>> +        and <literal>plain</> for an unencrypted password.  If the password
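
Review bot: the three method descriptions in the second sentence are not worded in parallel, and "encrypted" is used for both md5 and scram. "<literal>md5</> to enforce a password to be MD5-encrypted" uses a different construction from "<literal>scram</> for a SCRAM-encrypted password" and "<literal>plain</> for an unencrypted password". Suggest one form for all three, for example "<literal>md5</> for an MD5-hashed password, <literal>scram</> for a SCRAM-hashed password and <literal>plain</> for an unhashed password", so that the term matches what is done to the value and the plain case reads as the absence of that same step.
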
>
> Can we please stop calling this encryption? What is being done is a form
> of cryptographic hashing, not encryption.

Yes, I agree with that for MD5, and after looking around I can see
(like here http://prosody.im/doc/plain_or_hashed) as well that
SCRAM-hashed is used. Now, there are as well references to the salt,
like in protocol.sgml:
"The salt to use when encrypting the password."
Joe, do you think that in this case using the term "hashing" would be
more appropriate? I would think so as we use it to hash the password.

The patch attached removes the parentheses for this grammar, and uses
"hashed" instead of "encrypted" for the new documentation. For the
existing documentation, perhaps we had better just spawn a new thread,
but I am unsure of all the details yet. Opinions welcome.
-- 
Michael
