On 11/8/22 12:26, Peter Eisentraut wrote: > On 04.11.22 21:39, Jacob Champion wrote: >> I don't think it's helpful for me to try to block progress on this >> patchset behind the other one. But is there a way for me to help this >> proposal skate in the same general direction? Could Peter's encryption >> framework expand to fit this case in the future? > > We already have support in libpq for doing this (PQencryptPasswordConn()).
Sure, but you can't access that in SQL, right? The hand-wavy part is to combine that existing function with your transparent encryption proposal, as a special-case encryptor whose output could be bound to the query. But I guess that wouldn't really help with ALTER ROLE ... PASSWORD, because you can't parameterize it. Hm... --Jacob