| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
| Cc: | Matheus Alcantara <matheusssilv97(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: dblink: Add SCRAM pass-through authentication |
| Date: | 2025-03-12 15:17:55 |
| Message-ID: | CAOYmi+n09FKHgZERSBg2EisfSh_F1xHTng9Nv6Rf0D-8Gmn8qA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Mar 10, 2025 at 11:25 AM Jacob Champion
<jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Fri, Mar 7, 2025 at 8:22 AM Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:
> > Right. How about the attached? It checks as an alternative to a
> > password whether the SCRAM keys were provided. That should get us back
> > to the same level of checking?
>
> Yes, I think so. Attached is a set of tests to illustrate, mirroring
> the dblink tests added upthread; they fail without this patch.
In an offline discussion with Peter and Matheus, we figured out that
this is still not enough. The latest patch checks that a password was
used, but it doesn't ensure that the password material came from the
SCRAM keys. Attached is an updated test to illustrate.
Thanks,
--Jacob
| Attachment | Content-Type | Size |
|---|---|---|
| fdw-test-v2.diff.txt | text/plain | 1.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Bapat | 2025-03-12 15:32:29 | Re: Optimizing FastPathTransferRelationLocks() |
| Previous Message | Evgeny Voropaev | 2025-03-12 15:02:07 | Re: Elimination of the repetitive code at the SLRU bootstrap functions. |