Re: dblink: Add SCRAM pass-through authentication
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Matheus Alcantara <matheusssilv97@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-03-06T21:58:55Z
Lists: pgsql-hackers
On Thu, Mar 6, 2025 at 12:33 PM Peter Eisentraut <peter@eisentraut.org> wrote: > AFAICT, in pgfdw_security_check(), if SCRAM has been used for the > outgoing server connection, then PQconnectionUsedPassword() is true, and > then this check should fail if no "password" parameter was given. That > check should be expanded to allow alternatively passing the SCRAM key > component parameters. pgfdw_security_check() is currently not called if SCRAM passthrough is in use, though: > /* > * Perform post-connection security checks only if scram pass-through > * is not being used because the password is not necessary. > */ > if (!(MyProcPort->has_scram_keys && UseScramPassthrough(server, user))) > pgfdw_security_check(keywords, values, user, conn); --Jacob
Commits
-
dblink: SCRAM authentication pass-through
- 3642df265d09 18.0 landed
-
postgres_fdw: improve security checks
- 76563f88cfbd 18.0 landed