On Wed, 9 Nov 2016 15:23:11 +0900
Michael Paquier <michael.paqu...@gmail.com> wrote:

> (This is about patch 0007, not 0001)
> Thanks, you are right. That's not good as-is. So this basically means
> that the characters here should be from 32 to 127 included.

Really, most important is to exclude comma from the list of allowed
characters. And this prevents us from using a range.

I'd do something like:

char prinables="0123456789ABCDE...xyz!@#*&+";
unsigned int r;

for (i=0;i<SCRAM_NONCE_SIZE;i++) {
     pg_strong_random(&r,sizeof(unsigned int))
     /* -1 is here to exclude terminating zero byte*/

> generate_nonce needs just to be made smarter in the way it selects the
> character bytes.

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to