From: | Josh Kupershmidt <schmiddy(at)gmail(dot)com> |
---|---|
To: | Phil Olson <philip(dot)olson(dot)m(at)gmail(dot)com> |
Cc: | pgsql-docs <pgsql-docs(at)postgresql(dot)org> |
Subject: | Re: Documentation for CREATE USER |
Date: | 2014-10-14 16:22:06 |
Message-ID: | CAK3UJRHW0yhJ0NjbsXpBHNspv0g72ctF4zCR2rrrF_vOLdioqA@mail.gmail.com |
Lists: | pgsql-docs |

On Thu, Oct 9, 2014 at 5:29 PM, Phil Olson <philip(dot)olson(dot)m(at)gmail(dot)com> wrote:
> In short, I think it should be made clear that an encrypted user password
> for all intents and purposes, is simply obfuscated.

Well, I do agree that "encrypted" is a misleading word to use in this
context, since "hashed" is the technically correct description of what
gets stored in pg_authid.rolpassword when one uses:

    CREATE ROLE ... WITH ENCRYPTED PASSWORD 'secret'

Though of course it's too late to change the SQL syntax we accept. And
I'm not sure whether a doc change is needed, or where it should go if
it is -- the section on pg_authid [1] already accurately spells out
how we store rolpassword when the ENCRYPTED option is given. Possibly
that description could be a bit more clear about the fact that
"possibly encrypted" is talking about the 'ENCRYPTED' option of CREATE
ROLE.

I don't agree with the characterization of md5 hashing with a salt
(not a particularly strong salt choice, but a salt nonetheless) as
being "simply obfuscated". Here's a short summary of how obfuscation
vs. hashing vs. encryption are generally distinguished:

http://stackoverflow.com/a/184369/1772673

> Encrypted implies secure,

See link above, "encrypted" has a basically well-understood definition.

Josh

[1] http://www.postgresql.org/docs/current/static/catalog-pg-authid.html
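
Added example, not part of the original message and not PostgreSQL's own code: a Python sketch of the md5 storage format that the pg_authid page [1] documents, the string "md5" followed by md5(password || role name). It shows that the role name acts as the salt and that a stored value can only be checked by re-hashing a candidate. Role names, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import string


def pg_md5_rolpassword(role: str, password: str) -> str:
    """Build the md5-format rolpassword: 'md5' + md5(password || role name)."""
    digest = hashlib.md5((password + role).encode("utf-8")).hexdigest()
    return "md5" + digest


def is_md5_rolpassword(value: str) -> bool:
    """True if value has the md5 storage shape: 'md5' plus 32 hex digits."""
    return (
        len(value) == 35
        and value.startswith("md5")
        and all(c in string.hexdigits for c in value[3:])
    )


def check_password(role: str, candidate: str, stored: str) -> bool:
    """Verify a candidate password against a stored rolpassword value."""
    if is_md5_rolpassword(stored):
        # Hashed: there is no decode step, only re-hash and compare.
        expected = pg_md5_rolpassword(role, candidate)
        return hmac.compare_digest(expected.encode(), stored.encode())
    # Not in md5 format: the value was stored as given (no ENCRYPTED option).
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


def demo() -> dict:
    """Constructed sample roles showing what the role-name salt does and does not do."""
    alice = pg_md5_rolpassword("alice", "secret")
    bob = pg_md5_rolpassword("bob", "secret")
    alice_other_cluster = pg_md5_rolpassword("alice", "secret")
    return {
        # Same password, different roles: stored values differ (salt effect).
        "salt_separates_roles": alice != bob,
        # Same role name and password on another cluster: identical value,
        # because the salt is predictable rather than random.
        "salt_repeats_across_clusters": alice == alice_other_cluster,
        # A stored hash is tied to its role name and cannot be reused for another.
        "hash_bound_to_role": not check_password("bob", "secret", alice),
    }


if __name__ == "__main__":
    print(pg_md5_rolpassword("alice", "secret"))
    print(demo())
```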