On Mon, Mar 13, 2017 at 04:48:21PM +0800, Craig Ringer wrote: > On 12 March 2017 at 06:51, Joe Conway <m...@joeconway.com> wrote: > > > My opinion is that the user visible aspects of this should be deprecated > > and correct syntax provided. But perhaps that is overkill. > > FWIW, in my experience, pretty much nobody understands the pretty > tangled behaviour of "WITH [ENCRYPTED] PASSWORD", you have to > understand the fact table of: > > * ENCRYPTED, UNENCRYPTED or neither set > * password_encryption GUC on or off > * password begins / doesn't begin with fixed string 'md5' > > to fully know what will happen. > > Then of course, you have to understand how all this interacts with > pg_hba.conf's 'password' and 'md5' options. > > It's a right mess. Since our catalogs don't keep track of the hash > separately to the password text and use prefixes instead, and since we > need compatibility for dumps, it's hard to do a great deal about > though.
With SCRAM coming in PG 10, is there anything we can do to clean this up for PG 10? -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
