| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Add "password_protocol" connection parameter to libpq |
| Date: | 2019-08-08 22:38:20 |
| Message-ID: | 227015d8417f2b4fef03f8966dbfa5cbcc4f44da.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Libpq doesn't have a way to control which password protocols are used.
For example, the client might expect the server to be using SCRAM, but
it actually ends up using plain password authentication instead.
This patch adds:
password_protocol = {plaintext|md5|scram-sha-256|scram-sha-256-plus}
as a connection parameter. Libpq will then reject any authentication
request from the server that is less secure than this setting. Setting
it to "plaintext" (default) will answer to any kind of authentication
request.
I'm not 100% happy with the name "password_protocol", but other names I
could think of seemed likely to cause confusion.
Regards,
Jeff Davis
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Add-password_protocol-connection-parameter-to-libpq.patch | text/x-patch | 7.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2019-08-09 00:24:00 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |
| Previous Message | Stephen Frost | 2019-08-08 22:31:42 | Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) |