Re: dblink: Add SCRAM pass-through authentication
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Matheus Alcantara <matheusssilv97@gmail.com>
Cc: Peter Eisentraut <peter@eisentraut.org>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-03-17T23:26:40Z
Lists: pgsql-hackers
On Mon, Mar 17, 2025 at 11:54 AM Matheus Alcantara <matheusssilv97@gmail.com> wrote: > > If the check functions aren't going to check those because it's > > unnecessary, then that's fine, but then the comments should be > > adjusted. > > > Ok, now I get all of your points. I've misinterpreted your comments, > sorry about that. I've changed on v7 to validate the scram keys using > the same approach implemented for require_auth, so that now we correctly > check for overwritten scram keys on connection options. I think that the > code comments should be correct now? Looks good. > > I was referring to the discussion upthread [1]; you'd mentioned that > > the only reason that get_connect_string() didn't call GetUserMapping() > > itself was because we needed that mapping later on for > > UseScramPassthrough(). But that's no longer true for this patch, > > because the later call to UseScramPassthrough() has been removed. So I > > think we can move GetUserMapping() back down, and remove that part of > > the refactoring from patch 0001. > > > Ok, it totally makes sense. Fixed on v7. The fix is in, but it needs to be part of 0001 rather than 0002; otherwise 0001 doesn't compile. -- A pgperltidy run is needed for some of the more recent test changes. But I'm rapidly running out of feedback, so I think this is very close. Thanks! --Jacob
Commits
-
dblink: SCRAM authentication pass-through
- 3642df265d09 18.0 landed
-
postgres_fdw: improve security checks
- 76563f88cfbd 18.0 landed