Re: Possible to store invalid SCRAM-SHA-256 Passwords
raf <raf@raf.org>
From: raf@raf.org
To: pgsql-bugs@lists.postgresql.org
Date: 2019-04-22T21:49:24Z
Lists: pgsql-bugs
Stephen Frost wrote: > I agree we should also handle md5 better. I realize this needs to be > back-patched and so we have to deal with the existing catalog structure, > but this really screams out, in my mind anyway, that we shouldn't have > ever tried to just stash the password-encoding-type into the password > field and that we should have pulled it out into its own column, so that > we aren't having to guess about things as important as a password. > > Thanks! > > Stephen I don't think there's anything wrong with prefixing a password hash with an identifier for the password hashing scheme (and any parameters for that scheme). This is done all the time in many systems. It just has to be unambiguoous.
Commits
-
Fix detection of passwords hashed with MD5
- a82c06f4001d 9.4.22 landed
- 20dbc84bd002 9.5.17 landed
- af298f00a1e8 9.6.13 landed
-
Fix detection of passwords hashed with MD5 or SCRAM-SHA-256
- 15fe91e70ec6 10.8 landed
- 7f56d43663dd 11.3 landed
- ccae190b916f 12.0 landed