CREATE/ALTER ROLE with NULL password
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/11/sql-alterrole.html Description: When creating a role with no password, or altering a role to remove its password, the ENCRYPTED clause must not be present. The current synopsis for CREATE / ALTER ROLE give one of the allowed options as: [ ENCRYPTED ] PASSWORD 'password' and the current documentation for CREATE ROLE says: "The ENCRYPTED keyword has no effect, but is accepted for backwards compatibility." I think it might be worth explicitly specifying the password-blanking form for both commands as a new option in their synopses, e.g.: " CREATE ROLE name [ [ WITH ] option [ ... ] ] where option can be: SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB ... | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL ... " Also, there is inconsistency of quoting of 'password' in the synopsis for CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no quotes).
Re: Phrasing to consider (non-technical)
On Mon, Oct 29, 2018 at 02:50:22PM +, PG Doc comments form wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/11/static/datatype-datetime.html > Description: > > On the page for Data Types - DateTime, there is this part of a sentence: > > "so the same time zone names are also recognized by much other > software." > > The phrase of "much other software" is what caught me. An optional > replacement would be: "many other software systems." or "multiple software > packages." > > "much" has a connotation that doesn't fit here as well as "many" or > "multiple" would. > > Thanks for the documentation. It has been very helpful in clarifying some > things. I just went with simpler text, patch attached and backpatched. -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription + diff --git a/doc/src/sgml/datatype.sgml b/doc/src/sgml/datatype.sgml new file mode 100644 index cae3fa9..8a7a695 *** a/doc/src/sgml/datatype.sgml --- b/doc/src/sgml/datatype.sgml *** January 8 04:05:06 1999 PST *** 2411,2417 linkend="view-pg-timezone-names"/>). PostgreSQL uses the widely-used IANA time zone data for this purpose, so the same time zone ! names are also recognized by much other software. --- 2411,2417 linkend="view-pg-timezone-names"/>). PostgreSQL uses the widely-used IANA time zone data for this purpose, so the same time zone ! names are also recognized other software.
Re: Phrasing to consider (non-technical)
On Wed, Nov 21, 2018 at 04:56:40PM -0500, Bruce Momjian wrote: > On Mon, Oct 29, 2018 at 02:50:22PM +, PG Doc comments form wrote: > > The following documentation comment has been logged on the website: > > > > Page: https://www.postgresql.org/docs/11/static/datatype-datetime.html > > Description: > > > > On the page for Data Types - DateTime, there is this part of a sentence: > > > > "so the same time zone names are also recognized by much other > > software." > > > > The phrase of "much other software" is what caught me. An optional > > replacement would be: "many other software systems." or "multiple software > > packages." > > > > "much" has a connotation that doesn't fit here as well as "many" or > > "multiple" would. > > > > Thanks for the documentation. It has been very helpful in clarifying some > > things. > > I just went with simpler text, patch attached and backpatched. Ah, removed one too many words. The new text is now: names are also recognized by other software. -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
Re: CREATE/ALTER ROLE with NULL password
On Wed, Nov 21, 2018 at 07:36:59PM +, PG Doc comments form wrote:
> The current synopsis for CREATE / ALTER ROLE give one of the allowed options
> as:
> [ ENCRYPTED ] PASSWORD 'password'
> and the current documentation for CREATE ROLE says:
> "The ENCRYPTED keyword has no effect, but is accepted for backwards
> compatibility."
The grammar is still supported, so keeping it documented has no actual
problems until it gets removed, if that happens. Keeping it is not a
real maintenance burden either.
> I think it might be worth explicitly specifying the password-blanking form
> for both commands as a new option in their synopses, e.g.:
>
> "
> CREATE ROLE name [ [ WITH ] option [ ... ] ]
>
> where option can be:
>
> SUPERUSER | NOSUPERUSER
> | CREATEDB | NOCREATEDB
> ...
> | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
> ...
> "
Yes, that the set of grammar combination supported, as ENCRYPTED
PASSWORD NULL is not possible.
> Also, there is inconsistency of quoting of 'password' in the synopsis for
> CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no
> quotes).
Agreed, this should have quotes for consistency. Any objections with
the attached set of fixes from anybody?
--
Michael
diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml
index 573a3e80f7..dbf258ef50 100644
--- a/doc/src/sgml/ref/alter_role.sgml
+++ b/doc/src/sgml/ref/alter_role.sgml
@@ -33,7 +33,7 @@ ALTER ROLE role_specification [ WIT
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT connlimit
-| [ ENCRYPTED ] PASSWORD 'password'
+| [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
| VALID UNTIL 'timestamp'
ALTER ROLE name RENAME TO new_name
@@ -168,7 +168,8 @@ ALTER ROLE { role_specification | A
BYPASSRLS
NOBYPASSRLS
CONNECTION LIMIT connlimit
- [ ENCRYPTED ] PASSWORD password
+ [ ENCRYPTED ] PASSWORD 'password'
+ PASSWORD NULL
VALID UNTIL 'timestamp'
diff --git a/doc/src/sgml/ref/alter_user.sgml b/doc/src/sgml/ref/alter_user.sgml
index 8f50f43089..6769c8ecc4 100644
--- a/doc/src/sgml/ref/alter_user.sgml
+++ b/doc/src/sgml/ref/alter_user.sgml
@@ -33,7 +33,7 @@ ALTER USER role_specification [ WIT
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT connlimit
-| [ ENCRYPTED ] PASSWORD 'password'
+| [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
| VALID UNTIL 'timestamp'
ALTER USER name RENAME TO new_name
diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml
index 9c3b6978af..db842732a8 100644
--- a/doc/src/sgml/ref/create_role.sgml
+++ b/doc/src/sgml/ref/create_role.sgml
@@ -33,7 +33,7 @@ CREATE ROLE name [ [ WITH ] connlimit
-| [ ENCRYPTED ] PASSWORD 'password'
+| [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
| VALID UNTIL 'timestamp'
| IN ROLE role_name [, ...]
| IN GROUP role_name [, ...]
@@ -210,7 +210,8 @@ CREATE ROLE name [ [ WITH ]
- [ ENCRYPTED ] PASSWORD password
+ [ ENCRYPTED ] PASSWORD 'password'
+ PASSWORD NULL
Sets the role's password. (A password is only of use for
diff --git a/doc/src/sgml/ref/create_user.sgml b/doc/src/sgml/ref/create_user.sgml
index a51dc50c97..198e06e723 100644
--- a/doc/src/sgml/ref/create_user.sgml
+++ b/doc/src/sgml/ref/create_user.sgml
@@ -33,7 +33,7 @@ CREATE USER name [ [ WITH ] connlimit
-| [ ENCRYPTED ] PASSWORD 'password'
+| [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
| VALID UNTIL 'timestamp'
| IN ROLE role_name [, ...]
| IN GROUP role_name [, ...]
signature.asc
Description: PGP signature
Re: CREATE/ALTER ROLE with NULL password
On Wednesday, November 21, 2018, Michael Paquier wrote: > Yes, that the set of grammar combination supported, as ENCRYPTED > PASSWORD NULL is not possible. > > Any objections with > the attached set of fixes from anybody? > Should tweak the paragraph to point out this exception as well. The ENCRYPTED keyword has no effect, but is accepted for backwards compatibility[, except in the PASSWORD NULL form.] David J.
Re: CREATE/ALTER ROLE with NULL password
On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote: > Should tweak the paragraph to point out this exception as well. > > The ENCRYPTED keyword has no effect, but is accepted for backwards > compatibility[, except in the PASSWORD NULL form.] The docs list the following with the patch as supported grammar: [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL And it seems to me that '|' has priority over '[]', so ENCRYPTED does not apply to PASSWORD NULL if phrased this way. -- Michael signature.asc Description: PGP signature
