Re: Possible to store invalid SCRAM-SHA-256 Passwords

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Michael Paquier <michael@paquier.xyz>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, "Jonathan S. Katz" <jkatz@postgresql.org>, pgsql-bugs@lists.postgresql.org
Date: 2019-04-23T14:43:06Z
Lists: pgsql-bugs
Greetings,

* Michael Paquier (michael@paquier.xyz) wrote:
> On Mon, Apr 22, 2019 at 09:52:15AM -0400, Stephen Frost wrote:
> > I recall having exactly that debate when SCRAM was being worked on and
> > the push-back basically being that it was more work and we'd have to
> > have additional syntax for ALTER USER, et al.  I wish I had had more
> > time to spend on that discussion.  Water under the bridge now, but
> > hopefully we learn from this and maybe someone refactors how this works
> > sometime soon (or, at least, whenever we add the next password
> > encoding).
> 
> I am not sure that this would have been more work for ALTER TABLE as
> we could have relied on just password_encryption to do the work as we
> do now.  The reluctance was to have more additional columns in
> pg_authid as far as I recall, and I sided with having a separate
> catalog, and more independent verifier type checks in the catalogs, as
> you may recall, which would have also eased password rollups for a
> given role.

Yes, having an indepedent catalog table would have been a good approach
too, much better than where we're at now.  I hope someone has time to
work on that for a future version.

Thanks!

Stephen

Commits

  1. Fix detection of passwords hashed with MD5

  2. Fix detection of passwords hashed with MD5 or SCRAM-SHA-256