On Thu, Mar 9, 2017 at 1:17 AM, Joe Conway <m...@joeconway.com> wrote:
> On 03/07/2017 08:29 PM, Tom Lane wrote:
>> Michael Paquier <michael.paqu...@gmail.com> writes:
>>> here is a separate thread dedicated to the following extension for
>>> CREATE/ALTER ROLE: PASSWORD ('value' USING 'method').
>>
>> The parentheses seem weird ... do we really need those?
>
> +1

Seeing 3 opinions in favor of that, let's do so then. I have updated
the patch to not use parentheses.

>> +        If you do not plan to use password authentication you can omit this
>> +        option. The methods supported are <literal>md5</> to enforce a 
>> password
>> +        to be MD5-encrypted, <literal>scram</> for a SCRAM-encrypted 
>> password
>> +        and <literal>plain</> for an unencrypted password.  If the password
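Review bot: the <literal>plain</> line says only "for an unencrypted password" and does not tell the reader what ends up stored. If it means the value is kept exactly as given, say so in that sentence, so the consequence sits next to the option. In the same sentence, "to enforce a password to be MD5-encrypted" reads awkwardly; wording each method as what is stored (for example "to store the password as an MD5 hash") would be clearer and consistent across the three literals.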
>
> Can we please stop calling this encryption? What is being done is a form
> of cryptographic hashing, not encryption.

Yes, I agree with that for MD5, and after looking around I can see
(like here http://prosody.im/doc/plain_or_hashed) as well that
SCRAM-hashed is used. Now, there are as well references to the salt,
like in protocol.sgml:
"The salt to use when encrypting the password."
Joe, do you think that in this case using the term "hashing" would be
more appropriate? I would think so as we use it to hash the password.

The patch attached removes the parentheses for this grammar, and uses
"hashed" instead of "encrypted" for the new documentation. For the
existing documentation, perhaps we had better just spawn a new thread,
but I am unsure of all the details yet. Opinions welcome.
-- 
Michael

Attachment: 0001-Add-clause-PASSWORD-val-USING-protocol-to-CREATE-ALT.patch
Description: Binary data
