Re: sunsetting md5 password support
Jelte Fennema-Nio <postgres@jeltef.nl>
From: Jelte Fennema-Nio <postgres@jeltef.nl>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Bruce Momjian <bruce@momjian.us>,
Nathan Bossart <nathandbossart@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-10-10T21:59:10Z
Lists: pgsql-hackers
On Thu, 10 Oct 2024 at 23:45, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > I wouldn't recommend it if SCRAM is available, but yeah, with TLS and > sslmode=verify-full, it's secure enough. Agreed, I'd definitely still recommend SCRAM over password. A big downside of "password" auth over TLS is that plaintext passwords get to the server, so a coredump would contain these passwords. Also, I wanted to call out that SCRAM still needs sslmode=verify-full to be fully secure. With the SCRAM hash of the server, together with a MITM between client and server, an attacker can impersonate the client without the client or server realizing. PgBouncer actually does this: https://www.pgbouncer.org/config.html#limitations
Commits
-
Deprecate MD5 passwords.
- db6a4a985bc0 18.0 landed