On Tue, Apr 25, 2017 at 8:29 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Robert Haas <robertmh...@gmail.com> writes: > > On Tue, Apr 25, 2017 at 11:26 AM, Heikki Linnakangas <hlinn...@iki.fi> > wrote: > >> A) Have PQencryptPassword() return an md5 hash. > >> > >> B) Have PQencryptPassword() return a SCRAM verifier > >> > >> C) Have PQencryptPassword() return a SCRAM verifier if connected to a > v10 > >> server, and an md5 hash otherwise. This is tricky, because > PQencryptPassword > >> doesn't take a PGconn argument. It could behave like PQescapeString() > does, > >> and choose md5/scram depending on the server version of the last > connection > >> that was established. > > > I vote for A - leave PQencryptPassword() as-is, and deprecate it. > > Tell people to use the new function going forward. > > +1. I never much liked that magic behavior of PQescapeString, and don't > think we should replicate it elsewhere, so I definitely don't like (C). > And I don't think we can do (B) because that will break the functionality > altogether when talking to an older server. That leaves (A) plus invent > a new function. > +1. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>