On 04/12/2017 08:38 PM, Álvaro Hernández Tortosa wrote:
- Even though I don't really care about SCRAM, and without having any
prior knowledge about SCRAM, I volunteered some time ago to study SCRAM,
give a lightning talk about SCRAM and later write a client
implementation for the jdbc driver. And I have already devoted a very
fair amount of time in doing so, and will keep doing that until all code
is done. Code WIP is here FYI: https://github.com/ahachete/scram. So
it's not that I haven't already put my code behind my words.
That is very much appreciated! You writing a second implementation of
the client-side support (libpq being the first) is very, very helpful,
to validate that the protocol is sane, unambiguous, and adequately
documented.
On 12/04/17 18:38, Robert Haas wrote:
Furthermore, I think that the state of this feature as it currently
exists in the tree is actually kind of concerning. There are
currently four open items pertaining to SCRAM at least two of which
look to my mind an awful lot like stuff that should have ideally been
handled pre-feature-freeze: \password support, and protocol
negotiation. I'm grateful for the hard work that has gone into this
feature, but these are pretty significant loose ends. \password
support is a basic usability issue. Protocol negotiation affects
anyone who may want to make their PG driver work with this feature,
and certainly can't be changed after final release, and ideally not
even after beta. We really, really need to get that stuff nailed down
ASAP or we're going to have big problems. So I think we should focus
on those things, not this.
Yes, we need to nail down the protocol and \password before beta. I am
working on them now.
- Heikki
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
