On Wed, 9 Nov 2016 15:23:11 +0900 Michael Paquier <michael.paqu...@gmail.com> wrote:
> > (This is about patch 0007, not 0001)
> Thanks, you are right. That's not good as-is. So this basically means
> that the characters here should be from 32 to 127 included.

Really, the most important thing is to exclude the comma from the list of
allowed characters. And this prevents us from using a range.

I'd do something like:

    char printables[] = "0123456789ABCDE...xyz!@#*&+";
    unsigned int r;

    for (i = 0; i < SCRAM_NONCE_SIZE; i++)
    {
        pg_strong_random(&r, sizeof(unsigned int));
        /* -1 is here to exclude terminating zero byte */
        nonce[i] = printables[r % (sizeof(printables) - 1)];
    }

> generate_nonce needs just to be made smarter in the way it selects the
> character bytes.
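The character selection discussed in this message, as an added example that is not part of the original mail or of the PostgreSQL source: it builds the allowed set from the RFC 5802 `printable` rule (printable ASCII without the comma) and discards random bytes that would make some characters more likely than others. Assumptions: `/dev/urandom` stands in for `pg_strong_random()`, and the function names and the 18-character length are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for pg_strong_random(): read from /dev/urandom. */
static bool urandom_bytes(void *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    bool ok = f && fread(buf, 1, len, f) == len;
    if (f) fclose(f);
    return ok;
}

/* RFC 5802 "printable": %x21-2B / %x2D-7E, so no space and no comma. */
static unsigned build_alphabet(char *out) {
    unsigned n = 0;
    for (int c = 0x21; c <= 0x7E; c++)
        if (c != ',')
            out[n++] = (char) c;
    return n;   /* 93 characters */
}

/* Map one random byte to a character, or -1 to discard it: only bytes below
 * the largest multiple of n are used, so a plain r % n bias cannot appear. */
static int byte_to_char(unsigned char b, const char *alphabet, unsigned n) {
    unsigned limit = 256 - 256 % n;
    return b < limit ? alphabet[b % n] : -1;
}

/* Writes len characters plus a NUL; returns false if the RNG fails. */
static bool generate_nonce_example(char *nonce, size_t len) {
    char alphabet[94];
    unsigned n = build_alphabet(alphabet);
    size_t i = 0;
    while (i < len) {
        unsigned char pool[64];
        if (!urandom_bytes(pool, sizeof pool))
            return false;
        for (size_t j = 0; j < sizeof pool && i < len; j++) {
            int c = byte_to_char(pool[j], alphabet, n);
            if (c >= 0) nonce[i++] = (char) c;
        }
    }
    nonce[len] = '\0';
    return true;
}

int main(void) {
    char nonce[19];   /* 18 characters, a length assumed for this example */
    if (!generate_nonce_example(nonce, 18)) return 1;
    return puts(nonce) < 0;
}
```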