public inbox for pgsql-docs@postgresql.org
help / color / mirror / Atom feedFrom: Tom Lane <tgl@sss.pgh.pa.us>
To: chris@chrullrich.net
Cc: pgsql-docs@lists.postgresql.org
Subject: Re: Error in 18.4 release notes
Date: Fri, 15 May 2026 18:13:27 -0400
Message-ID: <1434211.1778883207@sss.pgh.pa.us> (raw)
In-Reply-To: <177883653690.764749.14038057906859461991@wrigleys.postgresql.org>
References: <177883653690.764749.14038057906859461991@wrigleys.postgresql.org>
PG Doc comments form <noreply@postgresql.org> writes:
> The 18.4 release notes say this: "Use timing-safe string comparisons in
> authentication code (Michael Paquier) Use timingsafe_bcmp() instead of
> memcpy() or strcmp() when checking passwords, ..."
> I think that should be memcmp() instead of memcpy().
Sigh, you're right --- that's my thinko. Will fix in git for posterity's
sake, though the notes are already out and probably no-one will care
anymore by the time of the next release.
regards, tom lane
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: pgsql-docs@postgresql.org
Cc: tgl@sss.pgh.pa.us, chris@chrullrich.net, pgsql-docs@lists.postgresql.org
Subject: Re: Error in 18.4 release notes
In-Reply-To: <1434211.1778883207@sss.pgh.pa.us>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox