Re: Add "password_protocol" connection parameter to libpq
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Stephen Frost <sfrost@snowman.net>, Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers@postgresql.org
Date: 2019-08-09T15:51:19Z
Lists: pgsql-hackers
On Fri, 2019-08-09 at 09:28 -0400, Stephen Frost wrote:
> Having an 'any' option, as mentioned before, could be an alternative
> though.
...
> I agree with the point that there isn't any guarantee that it'll
> always
> be clear-cut as to which of two methods is "better".
>
> From a user perspective, it seems like the main things are "don't
> send
> my password in the clear to the server", and "require channel binding
> to
> prove there isn't a MITM". I have to admit that I like the idea of
> requiring scram to be used and not allowing md5 though.
So it seems like we are leaning toward:
password_protocol = any | {plaintext,md5,scram-sha-256,scram-sha-
256-plus}[,...]
Or maybe:
channel_binding = {disable|prefer|require}
password_plaintext = {disable|enable}
password_md5 = {disable|enable}
That seems reasonable. It's three options, but no normal use case would
need to set more than two, because channel binding forces scram-sha-
256-plus.
Regards,
Jeff Davis
Commits
-
Add libpq parameter 'channel_binding'.
- d6e612f837e2 13.0 landed