| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Adrian Vogelsgesang <avogelsgesang(at)tableau(dot)com> |
| Cc: | "pgsql-interfaces(at)lists(dot)postgresql(dot)org" <pgsql-interfaces(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Libpq: Fail connection attempt if server didn't request a password |
| Date: | 2021-01-15 23:21:18 |
| Message-ID: | 1686503.1610752878@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
Adrian Vogelsgesang <avogelsgesang(at)tableau(dot)com> writes:
> Is there some way to let libpq fail the connection attempt in such a case, i.e. if a password was provided but not requested from the server?
Why would that be a useful thing to do?
> 1. To identify misconfigured server. In our use case, all servers should require a password. By failing hard and early, we can more easily find misconfigured servers
I find that argument quite unconvincing. You can easily look into
pg_hba.conf to see if any lines don't have an auth method you like.
Moreover, that approach scales to requirements that are more complicated
than this specific use-case, and you can be sure that *all* the entries
satisfy your business rule, not just the one you happened to match this
time.
> Can I, as the client, force the authentication used during creating a connection to be scram-sha-256?
There has been discussion of that, but no one has written a patch yet.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2021-01-25 08:16:12 | Re: #include <stdlib.h> present twice in define.pgc |
| Previous Message | Adrian Vogelsgesang | 2021-01-15 17:56:54 | Libpq: Fail connection attempt if server didn't request a password |