Re: Proposal: Support custom authentication methods using hooks

Поиск
Список
Период
Сортировка
От Andres Freund
Тема Re: Proposal: Support custom authentication methods using hooks
Дата
Msg-id 20220225174053.grc7q2cqlo5t2vet@alap3.anarazel.de
обсуждение исходный текст
Ответ на Re: Proposal: Support custom authentication methods using hooks  (Jeff Davis <pgsql@j-davis.com>)
Список pgsql-hackers
Дерево обсуждения 
Hi,

On 2022-02-25 09:33:45 -0800, Jeff Davis wrote:
> On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
> > ... and, since we can't readily enforce that the client only sends
> > those cleartext passwords over suitably-encrypted connections, this
> > could easily be a net negative for security.  Not sure that I think
> > it's a good idea.
> 
> I don't understand your point. Can't you just use "hostssl" rather than
> "host"?

And the extension could check Port->ssl_in_use before sendAuthRequest(AUTH_REQ_PASSWORD)
if it wanted to restrict it.

Greetings,

Andres Freund

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Proposal: Support custom authentication methods using hooks
Следующее
От: Matthias van de Meent
Дата:
Сообщение: Re: Report checkpoint progress with pg_stat_progress_checkpoint (was: Report checkpoint progress in server logs)