PostgreSQL TAP test has become over the last couple of years an advanced facility gaining in more and more features which allow for complicated regression test scenarios written in perl, with perl 5.8.0 being a minimum requirement. As of now, TAP tests are divided into different pieces in the code tree:

The following commit adds a new feature which is part of Postgres 11, and matters a lot for a couple of tools:

The following commit, which has introduced a new feature for PostgreSQL 11, introduces the possibility to lower a bit the set of permissions around data folders:

PostgreSQL 11 is releasing a small binary called pg_verify_checksums which is able to check if page-level checksums are in a sane state for a cluster which has been cleanly shutdown (this is necessary so as not not face checksum inconsistencies because of torn pages).

INCLUDE clause for indexes (as known as covering indexes), is a new feature of PostgreSQL 11 which has been committed recently:

As the week ends, here is an explanation behind the following commit which has changed a bit the way the libpq routine called PQhost behaves:

Postgres 10 has introduced a lot of basic infrastructure for table partitioning with the presence of mainly a new syntax, and a lot of work happens in this area lately with many new features added in version 11 which is currently in development. This post is about the following commit:

passwordcheck is a PostgreSQL contrib module able to check if raw password strings are able to respect some policies. For encrypted password, which is what should be used in most cases to avoid passing plain text passwords over the wire have limited checks, still it is possible to check for example for MD5-hashed entries if they match the user name. For plain text password, things get a bit more advanced, with the following characteristics:

This post is about a new feature of PostgreSQL 11 I have been working on for the last couple of months, which has finally been merged into the upstream repository. So if nothing goes wrong, we will have channel binding support for SCRAM authentication in the next release of Postgres. The feature set consists mainly of the following commits. Here is the first one, which has added tls-unique:

As designed by RFC 7677 and RFC 5802, SCRAM verifiers (please take this term as a password if you want, which means a proof of authentication) are defined with default parameters which make the computation of a proof costly, making it more expensive to do dictionary or brute-force attacks while offline. Longer nonces help in making the computation longer, but there are as well two parameters that help in deciding such computation time and strength to offline attacks: