On 06/01/25 20:28, Dan wrote:
On Mon, Jan 6, 2025 at 1:09 PM Guido Brugnara via module-authors
<module-authors@perl.org> wrote:
I will preface this by saying that I am a beginner in the use of
PAUSE, even though I registered my name (BRUGNARA) many years ago,
without using it until now.
I read [1] that it is recommended to ask for advice in this
mail-list in naming new modules.
I would like to publish a new module to generate SCRAM encrypted
password in the format used by PostgreSQL.
A source code (usable from the command line) can be found here:
https://www.leader.it/en/Blog/PostgreSQL_SCRAM-SHA-256_authentication
I just need to rewrite it using the appropriate package by making
available a method, or an exported function.
A name, I think suitable, could be:
Postgresql::Password::SCRAM
I would be grateful in receiving your opinion.
Seems reasonable to me; if you think a name less tied specifically to
Postgres would be appropriate, you could consider the Crypt:: top
level namespace, possibly still with a reference to PostgreSQL if it
is a specific algorithm for that. You also might avoid "Password" as
the function is an encryption scheme not a password generator. Note
that for discoverability, searches on metacpan will also easily find
terms mentioned in the module's abstract in the NAME section, and the
DESCRIPTION (see perldoc perlpodstyle).
If that's okay:
Crypt::PostgreSQL implementing the method "crypt" implementing
the three formats described in:
https://www.postgresql.org/docs/current/auth-password.html
scram_sha_256 - SCRAM method using keys embedded in the code
md5 - trivial as MD5 crypt concatenating login and password
password - it is useless because the password is in clear text
As a side note, Crypt::Salt uses the built in rand() which is not
cryptographically secure; you may consider something like
Crypt::URandom or Math::Random::Secure to retrieve securely random
bytes for a salt.
Well! I will use one of the two.
In case you need any tips regarding distribution layout and authoring,
you may find the beginning of my Dist::Zilla::Starter guide[1] useful
(whether or not you decide the bundle itself or dzil is useful).
Thank you for the suggestion. I have been trying Dist::Zilla since
yesterday.
Guido
P.S. I would need to change the e-mail for the account on PAUSE but the
password has expired and the old e-mail is in a subdomain now no longer
used. Who can I turn to?
Welcome to CPAN authoring!
-Dan
[1] https://metacpan.org/pod/Dist::Zilla::Starter
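
The verifier format and the salt advice discussed in this thread, shown as an added example; it is not part of any message above and is not the poster's script. The function names (salted_password, scram_verifier, scram_check) are hypothetical, and the code assumes an ASCII password (no SASLprep normalization), a 16-byte salt and 4096 iterations.

```perl
#!/usr/bin/env perl
# Added example: build and check a PostgreSQL SCRAM-SHA-256 verifier string.
use strict;
use warnings;
use Digest::SHA qw(sha256 hmac_sha256);        # hmac_sha256($data, $key)
use MIME::Base64 qw(encode_base64 decode_base64);
use Crypt::URandom qw(urandom);                # CSPRNG suggested in the thread

# PBKDF2-HMAC-SHA256 with a 32-byte output (a single block), i.e. Hi() in RFC 5802.
sub salted_password {
    my ($password, $salt, $iterations) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $t = $t ^ $u;                          # byte-wise XOR of two strings
    }
    return $t;
}

# Returns "SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>".
sub scram_verifier {
    my ($password, $salt, $iterations) = @_;
    $salt       //= urandom(16);               # random salt from the OS, not rand()
    $iterations //= 4096;                      # assumed iteration count
    my $sp     = salted_password($password, $salt, $iterations);
    my $stored = sha256(hmac_sha256('Client Key', $sp));
    my $server = hmac_sha256('Server Key', $sp);
    return sprintf 'SCRAM-SHA-256$%d:%s$%s:%s', $iterations,
        map { encode_base64($_, '') } $salt, $stored, $server;
}

# Recompute the verifier from its own salt and iteration count, then compare.
sub scram_check {
    my ($password, $verifier) = @_;
    my ($iter, $salt_b64) =
        $verifier =~ /\ASCRAM-SHA-256\$(\d+):([A-Za-z0-9+\/=]+)\$/
        or return 0;                           # not a SCRAM-SHA-256 verifier
    return scram_verifier($password, decode_base64($salt_b64), $iter) eq $verifier;
}

my $v = scram_verifier('constructed-sample-password');   # constructed input
print "$v\n";
print scram_check('constructed-sample-password', $v) ? "match\n" : "mismatch\n";
print scram_check('wrong-password', $v)              ? "match\n" : "mismatch\n";
```

Because the salt comes from urandom(), two runs with the same password produce different verifier strings, while scram_check still accepts the right password for each.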