| From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: sunsetting md5 password support |
| Date: | 2024-10-10 21:59:10 |
| Message-ID: | CAGECzQSSYV1H8DAPbKy_wF+4yRNW3=5rskTJabbsTHcqdXsPdg@mail.gmail.com |
| Lists: | pgsql-hackers |
On Thu, 10 Oct 2024 at 23:45, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> I wouldn't recommend it if SCRAM is available, but yeah, with TLS and
> sslmode=verify-full, it's secure enough.
Agreed, I'd definitely still recommend SCRAM over password. A big
downside of "password" auth over TLS is that plaintext passwords get
to the server, so a coredump would contain these passwords.
Also, I wanted to call out that SCRAM still needs sslmode=verify-full
to be fully secure. With the SCRAM hash of the server, together with a
MITM between client and server, an attacker can impersonate the client
without the client or server realizing. PgBouncer actually does this:
https://www.pgbouncer.org/config.html#limitations
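To make the point above concrete, here is an added example (not code from this thread, PostgreSQL or PgBouncer) that runs a SCRAM-SHA-256 exchange in Python using only a verifier in the format PostgreSQL stores in pg_authid (`SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`). The server side is given nothing but that verifier and still produces a ServerSignature the client accepts, which is exactly why the stored SCRAM "hash" must be protected and why the client has to authenticate the server through TLS (sslmode=verify-full): SCRAM on its own does not tell the client whether the peer holding the verifier is the real server. The example assumes an ASCII password (SASLprep is skipped) and no channel binding (the `c=biws` GS2 header); user name, nonces and password are constructed.

```python
"""SCRAM-SHA-256 (RFC 5802 / RFC 7677) in the shape PostgreSQL stores it.

Added example: the server side below touches only the verifier string, never
the password. Constructed inputs; SASLprep and channel binding are omitted.
"""
import base64
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_verifier(password: str, salt: Optional[bytes] = None, iterations: int = 4096) -> str:
    """Build the SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey> string that
    CREATE ROLE ... PASSWORD stores. 4096 is PostgreSQL's default iteration count."""
    salt = salt if salt is not None else os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()   # what the server keeps
    server_key = _hmac(salted, b"Server Key")          # what the server keeps
    return f"SCRAM-SHA-256${iterations}:{_b64(salt)}${_b64(stored_key)}:{_b64(server_key)}"


@dataclass
class Verifier:
    iterations: int
    salt: bytes
    stored_key: bytes
    server_key: bytes


def parse_verifier(text: str) -> Verifier:
    mech, params, keys = text.split("$")
    if mech != "SCRAM-SHA-256":
        raise ValueError("unsupported mechanism")
    iters, salt = params.split(":")
    stored, server = keys.split(":")
    return Verifier(int(iters), base64.b64decode(salt),
                    base64.b64decode(stored), base64.b64decode(server))


def run_handshake(password: str, verifier_text: str, user: str = "app") -> dict:
    """Simulate the four SCRAM messages. The client section uses only the
    password and what the server sent; the server section uses only the verifier."""
    v = parse_verifier(verifier_text)
    client_nonce = secrets.token_urlsafe(18)
    client_first_bare = f"n={user},r={client_nonce}"
    # server-first-message: server appends its nonce, sends salt and iteration count
    combined_nonce = client_nonce + secrets.token_urlsafe(18)
    server_first = f"r={combined_nonce},s={_b64(v.salt)},i={v.iterations}"
    client_final_without_proof = f"c=biws,r={combined_nonce}"
    auth_message = f"{client_first_bare},{server_first},{client_final_without_proof}".encode()

    # --- client: derive keys from the password ---
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), v.salt, v.iterations)
    client_key = _hmac(salted, b"Client Key")
    proof = _xor(client_key, _hmac(hashlib.sha256(client_key).digest(), auth_message))
    expected_server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)

    # --- server: StoredKey verifies the proof, ServerKey signs the reply ---
    recovered_client_key = _xor(proof, _hmac(v.stored_key, auth_message))
    client_ok = hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(), v.stored_key)
    # Any party holding the verifier can compute this signature, so SCRAM alone
    # cannot prove to the client that it is talking to the real server; TLS with
    # sslmode=verify-full is what supplies that guarantee.
    server_sig = _hmac(v.server_key, auth_message)
    server_ok = hmac.compare_digest(server_sig, expected_server_sig)
    return {"client_accepted_by_server": client_ok, "server_accepted_by_client": server_ok}


if __name__ == "__main__":
    verifier = build_verifier("correct horse battery staple")
    print(verifier)
    print(run_handshake("correct horse battery staple", verifier))
    print(run_handshake("wrong password", verifier))
```

With the right password both directions succeed; with a wrong one the server rejects the proof and the client's expected ServerSignature no longer matches. Note that the password itself never reaches the server-side section, which is the advantage over "password" auth described earlier in this message.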