On 8/11/17 07:18, Michael Paquier wrote: > The problem is where a username includes characters as a comma or '=', > which can be avoided if the string is in UTF-8 as the username is > prepared with SASLprep before being used in the SASL exchange, but we > have no way now to be sure now that the string is actually in UTF-8. > If at some point we decide that only things using UTF-8 are good to be > used during authentication, using the username in the exchange > messages instead of the one in the startup packet would be fine and > actually better IMO in the long term. Please note that the > specification says that both the username and the password must be > encoded in UTF-8, so we are not completely compliant here. If there is > something to address, that would be this part.
So we already handle passwords. Can't we handle user names the same way? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
