Re: User functions for building SCRAM secrets

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Re: User functions for building SCRAM secrets
Дата
Msg-id Y4at4BnxtPPH6w5g@paquier.xyz
обсуждение исходный текст
Ответ на Re: User functions for building SCRAM secrets  (Daniel Gustafsson <daniel@yesql.se>)
Ответы Re: User functions for building SCRAM secrets  ("Jonathan S. Katz" <jkatz@postgresql.org>)
Список pgsql-hackers
On Tue, Nov 29, 2022 at 09:32:34PM +0100, Daniel Gustafsson wrote:
> On the whole I tend to agree with Jacob upthread, while this does provide
> consistency it doesn't seem to move the needle for best practices.  Allowing
> scram_build_secret_sha256('password', 'a', 1); with the password potentially
> going in cleartext over the wire and into the logs doesn't seem like a great
> tradeoff for the (IMHO) niche usecases it would satisfy.

Should we try to make \password and libpq more flexible instead?  Two
things got discussed in this area since v10:
- The length of the random salt.
- The iteration number.

Or we could bump up the defaults, and come back to that in a few
years, again.. ;p
--
Michael

Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Michael Paquier
Дата:
Сообщение: Re: Collation version tracking for macOS
Следующее
От: Melanie Plageman
Дата:
Сообщение: Re: pg_stat_bgwriter.buffers_backend is pretty meaningless (and more?)