On 8/11/17 09:27, Peter Eisentraut wrote:
> On 8/11/17 09:06, Álvaro Hernández Tortosa wrote:
>> Strictly speaking the RFC assumes that the username is at least 1
>> character. I understand this was precisely Peter's original comment.
>
> Well, my main point was that the documentation, the c
On 8/11/17 09:06, Álvaro Hernández Tortosa wrote:
> Strictly speaking the RFC assumes that the username is at least 1
> character. I understand this was precisely Peter's original comment.
Well, my main point was that the documentation, the code, and the code
comments all say slightly differ
On 8/11/17 07:18, Michael Paquier wrote:
> The problem is where a username includes characters as a comma or '=',
> which can be avoided if the string is in UTF-8 as the username is
> prepared with SASLprep before being used in the SASL exchange, but we
> have no way now to be sure now that the str
On 11/08/17 15:00, Michael Paquier wrote:
On Fri, Aug 11, 2017 at 9:31 PM, Álvaro Hernández Tortosa
wrote:
On 11/08/17 13:18, Michael Paquier wrote:
On Fri, Aug 11, 2017 at 3:50 PM, Álvaro Hernández Tortosa
wrote:
Relatedly, the SCRAM specification doesn't appear to allow omitting the
user
On Fri, Aug 11, 2017 at 9:31 PM, Álvaro Hernández Tortosa
wrote:
> On 11/08/17 13:18, Michael Paquier wrote:
>> On Fri, Aug 11, 2017 at 3:50 PM, Álvaro Hernández Tortosa
>> wrote:
Relatedly, the SCRAM specification doesn't appear to allow omitting the
user name in this manner. Why don'
On 11/08/17 13:18, Michael Paquier wrote:
On Fri, Aug 11, 2017 at 3:50 PM, Álvaro Hernández Tortosa
wrote:
On 11/08/17 03:57, Peter Eisentraut wrote:
The SCRAM protocol documentation
(https://www.postgresql.org/docs/devel/static/sasl-authentication.html)
states
"To avoid confusion, the clie
On Fri, Aug 11, 2017 at 3:50 PM, Álvaro Hernández Tortosa
wrote:
> On 11/08/17 03:57, Peter Eisentraut wrote:
>> The SCRAM protocol documentation
>> (https://www.postgresql.org/docs/devel/static/sasl-authentication.html)
>> states
>>
>> "To avoid confusion, the client should use pg_same_as_startup
On 11/08/17 03:57, Peter Eisentraut wrote:
The SCRAM protocol documentation
(https://www.postgresql.org/docs/devel/static/sasl-authentication.html)
states
"To avoid confusion, the client should use pg_same_as_startup_message as
the username in the client-first-message."
However, the client im
The SCRAM protocol documentation
(https://www.postgresql.org/docs/devel/static/sasl-authentication.html)
states
"To avoid confusion, the client should use pg_same_as_startup_message as
the username in the client-first-message."
However, the client implementation in libpq doesn't actually do that,
