| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Jacob Champion <jchampion(at)timescale(dot)com>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Docs: Encourage strong server verification with SCRAM |
| Date: | 2023-06-01 08:22:28 |
| Message-ID: | 6DE921FD-13FD-479A-9C52-D20C81E99A04@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 31 May 2023, at 23:14, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> On Wed, May 31, 2023 at 10:08:39AM -0400, Jacob Champion wrote:
>> LGTM!
>
> Okay. Does anybody have any comments and/or objections?
LGTM. As a small nitpick, I think this sentence is a little bit misleading:
"..can use offline analysis to determine the hashed password from
the client"
It's true that an attacker kan use offline analysis but it makes it sound
easier than it might be in practice. I would have written "to potentially
determine".
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Shinoda, Noriyoshi (PN Japan FSIP) | 2023-06-01 09:38:18 | RE: [16Beta1][doc] pgstat: Track time of the last scan of a relation |
| Previous Message | Daniel Gustafsson | 2023-06-01 08:06:33 | Re: [PATCH] Add LoongArch spinlock support in s_lock.h. |