Thread

Commits

  1. Clarify documentation about PASSWORD in CREATE/ALTER ROLE

  1. CREATE/ALTER ROLE with NULL password

    The Post Office <noreply@postgresql.org> — 2018-11-21T19:36:59Z

    The following documentation comment has been logged on the website:
    
    Page: https://www.postgresql.org/docs/11/sql-alterrole.html
    Description:
    
    When creating a role with no password, or altering a role to remove its
    password, the ENCRYPTED clause must not be present.
    The current synopsis for CREATE / ALTER ROLE give one of the allowed options
    as:
    [ ENCRYPTED ] PASSWORD 'password'
    and the current documentation for CREATE ROLE says:
    "The ENCRYPTED keyword has no effect, but is accepted for backwards
    compatibility."
    
    I think it might be worth explicitly specifying the password-blanking form
    for both commands as a new option in their synopses, e.g.:
    
    "
    CREATE ROLE name [ [ WITH ] option [ ... ] ]
    
    where option can be:
    
          SUPERUSER | NOSUPERUSER
        | CREATEDB | NOCREATEDB
        ...
        | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
        ...
    "
    
    Also, there is inconsistency of quoting of 'password' in the synopsis for
    CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no
    quotes).
    
  2. Re: CREATE/ALTER ROLE with NULL password

    Michael Paquier <michael@paquier.xyz> — 2018-11-22T02:07:59Z

    On Wed, Nov 21, 2018 at 07:36:59PM +0000, PG Doc comments form wrote:
    > The current synopsis for CREATE / ALTER ROLE give one of the allowed options
    > as:
    > [ ENCRYPTED ] PASSWORD 'password'
    > and the current documentation for CREATE ROLE says:
    > "The ENCRYPTED keyword has no effect, but is accepted for backwards
    > compatibility."
    
    The grammar is still supported, so keeping it documented has no actual
    problems until it gets removed, if that happens.  Keeping it is not a
    real maintenance burden either.
    
    > I think it might be worth explicitly specifying the password-blanking form
    > for both commands as a new option in their synopses, e.g.:
    > 
    > "
    > CREATE ROLE name [ [ WITH ] option [ ... ] ]
    > 
    > where option can be:
    > 
    >       SUPERUSER | NOSUPERUSER
    >     | CREATEDB | NOCREATEDB
    >     ...
    >     | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
    >     ...
    > "
    
    Yes, that the set of grammar combination supported, as ENCRYPTED
    PASSWORD NULL is not possible.
    
    > Also, there is inconsistency of quoting of 'password' in the synopsis for
    > CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no
    > quotes).
    
    Agreed, this should have quotes for consistency.  Any objections with
    the attached set of fixes from anybody?
    --
    Michael
    
  3. Re: CREATE/ALTER ROLE with NULL password

    David G. Johnston <david.g.johnston@gmail.com> — 2018-11-22T06:58:25Z

    On Wednesday, November 21, 2018, Michael Paquier <michael@paquier.xyz>
    wrote:
    
    > Yes, that the set of grammar combination supported, as ENCRYPTED
    > PASSWORD NULL is not possible.
    >
    > Any objections with
    > the attached set of fixes from anybody?
    >
    
    Should tweak the paragraph to point out this exception as well.
    
     The ENCRYPTED keyword has no effect, but is accepted for backwards
    compatibility[, except in the PASSWORD NULL form.]
    
    David J.
    
  4. Re: CREATE/ALTER ROLE with NULL password

    Michael Paquier <michael@paquier.xyz> — 2018-11-22T07:58:06Z

    On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote:
    > Should tweak the paragraph to point out this exception as well.
    > 
    >  The ENCRYPTED keyword has no effect, but is accepted for backwards
    > compatibility[, except in the PASSWORD NULL form.]
    
    The docs list the following with the patch as supported grammar:
    [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
    And it seems to me that '|' has priority over '[]', so ENCRYPTED does
    not apply to PASSWORD NULL if phrased this way.
    --
    Michael
    
  5. Re: CREATE/ALTER ROLE with NULL password

    David G. Johnston <david.g.johnston@gmail.com> — 2018-11-22T16:54:07Z

    On Thursday, November 22, 2018, Michael Paquier <michael@paquier.xyz> wrote:
    
    > On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote:
    > > Should tweak the paragraph to point out this exception as well.
    > >
    > >  The ENCRYPTED keyword has no effect, but is accepted for backwards
    > > compatibility[, except in the PASSWORD NULL form.]
    >
    > The docs list the following with the patch as supported grammar:
    > [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
    > And it seems to me that '|' has priority over '[]', so ENCRYPTED does
    > not apply to PASSWORD NULL if phrased this way.
    >
    >
    Yes, the syntax block is perfectly clear but we still explain said grammer
    in words and should be precise there as well, IMO.  Not a big deal though.
    
    David J.
    
  6. Re: CREATE/ALTER ROLE with NULL password

    Michael Paquier <michael@paquier.xyz> — 2018-11-23T00:13:26Z

    On Thu, Nov 22, 2018 at 09:54:07AM -0700, David G. Johnston wrote:
    > On Thursday, November 22, 2018, Michael Paquier <michael@paquier.xyz> wrote:
    >> The docs list the following with the patch as supported grammar:
    >> [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
    >> And it seems to me that '|' has priority over '[]', so ENCRYPTED does
    >> not apply to PASSWORD NULL if phrased this way.
    >
    > Yes, the syntax block is perfectly clear but we still explain said grammer
    > in words and should be precise there as well, IMO.  Not a big deal though.
    
    Okay, thanks.  I have committed the simplest version.
    --
    Michael