Re: [PoC/RFC] Multiple passwords, interval expirations
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Nathan Bossart <nathandbossart@gmail.com>, Gurjeet Singh <gurjeet@singh.im>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Stephen Frost <sfrost@snowman.net>, "Brindle, Joshua" <joshuqbr@amazon.com>, Jacob Champion <jchampion@timescale.com>
Date: 2023-10-06T20:46:01Z
Lists: pgsql-hackers
On Fri, Oct 6, 2023 at 01:20:03PM -0700, Jeff Davis wrote: > The basic problem, as I see it, is: how do we keep users from > accidentally dropping the wrong password? Generated unique names or I thought we could auto-remove old password if the valid-until date is in the past. You would need a separate ALTER command to sets its date in the past without that. Also, defining a new password could require setting the expiration date of the old password to make future additions easier. For pg_authid, I was thinking of columns: ADD rolpassword_old ADD rolvaliduntil_old EXISTS rolpassword EXISTS rolvaliduntil I did blog about the password rotation problem and suggested certificates: https://momjian.us/main/blogs/pgblog/2020.html#July_17_2020 -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
MergeAttributes: convert pg_attribute back to ColumnDef before comparing
- 4d969b2f85e1 17.0 cited