Thread
Commits
-
Clarify documentation about PASSWORD in CREATE/ALTER ROLE
- 3dab288f492d 11.2 landed
- d392e9bdea95 12.0 landed
-
CREATE/ALTER ROLE with NULL password
The Post Office <noreply@postgresql.org> — 2018-11-21T19:36:59Z
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/11/sql-alterrole.html Description: When creating a role with no password, or altering a role to remove its password, the ENCRYPTED clause must not be present. The current synopsis for CREATE / ALTER ROLE give one of the allowed options as: [ ENCRYPTED ] PASSWORD 'password' and the current documentation for CREATE ROLE says: "The ENCRYPTED keyword has no effect, but is accepted for backwards compatibility." I think it might be worth explicitly specifying the password-blanking form for both commands as a new option in their synopses, e.g.: " CREATE ROLE name [ [ WITH ] option [ ... ] ] where option can be: SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB ... | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL ... " Also, there is inconsistency of quoting of 'password' in the synopsis for CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no quotes). -
Re: CREATE/ALTER ROLE with NULL password
Michael Paquier <michael@paquier.xyz> — 2018-11-22T02:07:59Z
On Wed, Nov 21, 2018 at 07:36:59PM +0000, PG Doc comments form wrote: > The current synopsis for CREATE / ALTER ROLE give one of the allowed options > as: > [ ENCRYPTED ] PASSWORD 'password' > and the current documentation for CREATE ROLE says: > "The ENCRYPTED keyword has no effect, but is accepted for backwards > compatibility." The grammar is still supported, so keeping it documented has no actual problems until it gets removed, if that happens. Keeping it is not a real maintenance burden either. > I think it might be worth explicitly specifying the password-blanking form > for both commands as a new option in their synopses, e.g.: > > " > CREATE ROLE name [ [ WITH ] option [ ... ] ] > > where option can be: > > SUPERUSER | NOSUPERUSER > | CREATEDB | NOCREATEDB > ... > | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL > ... > " Yes, that the set of grammar combination supported, as ENCRYPTED PASSWORD NULL is not possible. > Also, there is inconsistency of quoting of 'password' in the synopsis for > CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no > quotes). Agreed, this should have quotes for consistency. Any objections with the attached set of fixes from anybody? -- Michael
-
Re: CREATE/ALTER ROLE with NULL password
David G. Johnston <david.g.johnston@gmail.com> — 2018-11-22T06:58:25Z
On Wednesday, November 21, 2018, Michael Paquier <michael@paquier.xyz> wrote: > Yes, that the set of grammar combination supported, as ENCRYPTED > PASSWORD NULL is not possible. > > Any objections with > the attached set of fixes from anybody? > Should tweak the paragraph to point out this exception as well. The ENCRYPTED keyword has no effect, but is accepted for backwards compatibility[, except in the PASSWORD NULL form.] David J.
-
Re: CREATE/ALTER ROLE with NULL password
Michael Paquier <michael@paquier.xyz> — 2018-11-22T07:58:06Z
On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote: > Should tweak the paragraph to point out this exception as well. > > The ENCRYPTED keyword has no effect, but is accepted for backwards > compatibility[, except in the PASSWORD NULL form.] The docs list the following with the patch as supported grammar: [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL And it seems to me that '|' has priority over '[]', so ENCRYPTED does not apply to PASSWORD NULL if phrased this way. -- Michael
-
Re: CREATE/ALTER ROLE with NULL password
David G. Johnston <david.g.johnston@gmail.com> — 2018-11-22T16:54:07Z
On Thursday, November 22, 2018, Michael Paquier <michael@paquier.xyz> wrote: > On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote: > > Should tweak the paragraph to point out this exception as well. > > > > The ENCRYPTED keyword has no effect, but is accepted for backwards > > compatibility[, except in the PASSWORD NULL form.] > > The docs list the following with the patch as supported grammar: > [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL > And it seems to me that '|' has priority over '[]', so ENCRYPTED does > not apply to PASSWORD NULL if phrased this way. > > Yes, the syntax block is perfectly clear but we still explain said grammer in words and should be precise there as well, IMO. Not a big deal though. David J.
-
Re: CREATE/ALTER ROLE with NULL password
Michael Paquier <michael@paquier.xyz> — 2018-11-23T00:13:26Z
On Thu, Nov 22, 2018 at 09:54:07AM -0700, David G. Johnston wrote: > On Thursday, November 22, 2018, Michael Paquier <michael@paquier.xyz> wrote: >> The docs list the following with the patch as supported grammar: >> [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL >> And it seems to me that '|' has priority over '[]', so ENCRYPTED does >> not apply to PASSWORD NULL if phrased this way. > > Yes, the syntax block is perfectly clear but we still explain said grammer > in words and should be precise there as well, IMO. Not a big deal though. Okay, thanks. I have committed the simplest version. -- Michael