| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
| Cc: | Matheus Alcantara <matheusssilv97(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: dblink: Add SCRAM pass-through authentication |
| Date: | 2025-03-06 21:58:55 |
| Message-ID: | CAOYmi+kLUU8UtnDRaRevmjd4QADoD=dAS87vwvUFi50TmvX6DQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 6, 2025 at 12:33 PM Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:
> AFAICT, in pgfdw_security_check(), if SCRAM has been used for the
> outgoing server connection, then PQconnectionUsedPassword() is true, and
> then this check should fail if no "password" parameter was given. That
> check should be expanded to allow alternatively passing the SCRAM key
> component parameters.
pgfdw_security_check() is currently not called if SCRAM passthrough is
in use, though:
> /*
> * Perform post-connection security checks only if scram pass-through
> * is not being used because the password is not necessary.
> */
> if (!(MyProcPort->has_scram_keys && UseScramPassthrough(server, user)))
> pgfdw_security_check(keywords, values, user, conn);
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2025-03-06 21:59:16 | Re: what's going on with lapwing? |
| Previous Message | Melanie Plageman | 2025-03-06 21:54:34 | Re: what's going on with lapwing? |