Is there a TODO here? ---------------------------------------------------------------------------
On Wed, Aug 10, 2011 at 09:43:18PM +0300, Peter Eisentraut wrote: > On ons, 2011-08-10 at 19:29 +0100, Dave Page wrote: > > On Wed, Aug 10, 2011 at 7:06 PM, Peter Eisentraut <pete...@gmx.net> wrote: > > > I would like to see whether there is support for adding sha1 and sha2 > > > functions into the core. These are obviously well-known and widely used > > > functions, but currently the only way to get them is either through > > > pgcrypto or one of the PLs. We could say that's OK, but then we do > > > support md5 in core, which then encourages people to use that, when they > > > really shouldn't use that for new applications. > > > > Slightly different, but related - I've seen complaints that we only > > use md5 for password storage/transmission, which is apparently not > > acceptable under some government security standards. In the most > > recent case, they wanted to be able to use sha256 for password storage > > (transmission isn't really an issue where SSL can be used of course). > > Yeah, that's one of those things. These days, using md5 for anything > raises red flags, so it would be better to slowly move some alternatives > into place. > > > If we're ready to move more hashing functions into core, then it seems > > reasonable to add more options for password storage to help those who > > need to meet mandated standards. > > Yes, that would be good. > > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
