On Tue, Nov 29, 2022 at 09:32:34PM +0100, Daniel Gustafsson wrote:
> On the whole I tend to agree with Jacob upthread, while this does provide
> consistency it doesn't seem to move the needle for best practices. Allowing
> scram_build_secret_sha256('password', 'a', 1); with the password potentially
> going in cleartext over the wire and into the logs doesn't seem like a great
> tradeoff for the (IMHO) niche usecases it would satisfy.Should we try to make \password and libpq more flexible instead? Two things got discussed in this area since v10: - The length of the random salt. - The iteration number. Or we could bump up the defaults, and come back to that in a few years, again.. ;p -- Michael
signature.asc
Description: PGP signature
