On Fri, Aug 7, 2015 at 6:54 PM, Michael Paquier <michael.paqu...@gmail.com> wrote: > This filtering machinery definitely looks like a GUC to me, something > like password_forbidden_encryption that PASSWORD VERIFIERS looks at > and discards the methods listed in there. This definitely needs to be > separated from password_encryption.
I don't know what a "password verifier" is and I bet nobody else does either. Well, I think I sort of know: I think it's basically an encrypted password. Am I right? Even if I am, I bet the average user is going to scratch their head and punt. I don't see that there's any good reason to allow the same password to be stored in the catalog encrypted more than one way, and I don't think there's any good reason to introduce the PASSWORD VERIFIER terminology. I think we should store (1) your password, either encrypted or unencrypted; and (2) the method used to encrypt it. And that's it. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
