Re: WIP: SCRAM authentication

From Robert Haas
Subject Re: WIP: SCRAM authentication
Date
Msg-id CA+TgmoazGS0TpAtrFw+ft1UVUevBBXew5Lo6b1jtozgykpy5PA@mail.gmail.com
In reply to Re: WIP: SCRAM authentication  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: WIP: SCRAM authentication  (Joe Conway <mail@joeconway.com>)
Re: WIP: SCRAM authentication  (Stephen Frost <sfrost@snowman.net>)
Re: WIP: SCRAM authentication  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers
On Fri, Aug 7, 2015 at 6:54 PM, Michael Paquier
<michael.paquier@gmail.com> wrote:
> This filtering machinery definitely looks like a GUC to me, something
> like password_forbidden_encryption that PASSWORD VERIFIERS looks at
> and discards the methods listed in there. This definitely needs to be
> separated from password_encryption.

I don't know what a "password verifier" is and I bet nobody else does
either.  Well, I think I sort of know: I think it's basically an
encrypted password.  Am I right?  Even if I am, I bet the average user
is going to scratch their head and punt.

I don't see that there's any good reason to allow the same password to
be stored in the catalog encrypted more than one way, and I don't
think there's any good reason to introduce the PASSWORD VERIFIER
terminology.  I think we should store (1) your password, either
encrypted or unencrypted; and (2) the method used to encrypt it.  And
that's it.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


