| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Automatic upgrade of passwords from md5 to scram-sha256 |
| Date: | 2025-01-12 22:59:20 |
| Message-ID: | 372571.1736722760@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Peter J. Holzer" <hjp-pgsql(at)hjp(dot)at> writes:
> The web framework Django will automatically and transparently rehash any
> password with the currently preferred algorithm if it isn't stored that
> way already.
Really? That implies that the framework has access to the original
cleartext password, which is a security fail already.
> Can PostgreSQL do that, too? (I haven't found anything)
No. The server has only the hashed password, it can't reconstruct
the original.
> If the password for the user is stored as an MD5 hash, the server
> replies to the startup message with an AuthenticationCleartextPassword
> respnse to force the client to send the password in the clear
> (obviously you only want to do that if the connection is TLS-encrypted
> or otherwise safe from eavesdropping).
I think this idea is a nonstarter, TLS or not. We're generally moving
in the direction of never letting the server see cleartext passwords.
It's already possible to configure libpq to refuse such requests
(see require_auth parameter), although that hasn't been made the
default.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2025-01-12 23:37:29 | Re: Automatic upgrade of passwords from md5 to scram-sha256 |
| Previous Message | Peter J. Holzer | 2025-01-12 22:28:28 | Automatic upgrade of passwords from md5 to scram-sha256 |