| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Jacob Champion <jchampion(at)timescale(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
| Subject: | Re: Docs: Encourage strong server verification with SCRAM |
| Date: | 2023-05-24 01:56:01 |
| Message-ID: | ZG1usU0cJBq+LQNM@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 23, 2023 at 09:46:58PM -0400, Stephen Frost wrote:
> Not without breaking things we support today and for what seems like an
> unclear benefit given that we've got channel binding today (though
> perhaps we need to make sure there's ways to force it on both sides to
> be on and to encourage everyone to do that- which is what this change is
> generally about, I think).
>
> As I recall, the reason we do it the way we do is because the SASL spec
> that SCRAM is implemented under requires the username to be utf8 encoded
> while we support other encodings, and I don't think we want to break
> non-utf8 usage.
Yup, I remember this one, the encoding not being enforced by the
protocol has been quite an issue when this was implemented, still I
was wondering whether that's something that could be worth revisiting
at some degree.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kyotaro Horiguchi | 2023-05-24 01:56:28 | Re: could not extend file "base/5/3501" with FileFallocate(): Interrupted system call |
| Previous Message | Stephen Frost | 2023-05-24 01:46:58 | Re: Docs: Encourage strong server verification with SCRAM |