On Tue, Apr 11, 2023 at 11:27:17AM +0200, Magnus Hagander wrote: > Having the function always generate a random salt seems more > reasonable though, and would perhaps be something that helps in some > of the cases? It won't help with the password policy one, as it's too > secure for that, but it would help with the postgres-is-the-client > one?
While this is still hot.. Would it make sense to have a scram_salt_length GUC to control the length of the salt used when generating the SCRAM secret? -- Michael
signature.asc
Description: PGP signature