Re: SCRAM pass-through authentication for postgres_fdw
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Jelte Fennema-Nio <postgres@jeltef.nl>
Cc: Matheus Alcantara <matheusssilv97@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-12-04T23:39:00Z
Lists: pgsql-hackers
On Wed, Dec 4, 2024 at 3:05 PM Jelte Fennema-Nio <postgres@jeltef.nl> wrote: > I only see advantages over the > alternative, which is copying the plaintext password around. In case > of compromise of the server, only the salt+verifier has to be rotated, > not the actual user password. Sure, I'm not saying it's worse than plaintext. But a third alternative might be actual pass-through SCRAM [1], where either you expect the two servers to share a certificate fingerprint, or explicitly disable channel bindings on the second authentication pass in order to allow the MITM. (Or, throwing spaghetti, maybe even have the primary server communicate the backend cert so you can verify it and use it in the binding?) All that is a metric ton more work and analysis, though. --Jacob [1] https://www.postgresql.org/message-id/9129a012-0415-947e-a68e-59d423071525%40timescale.com
Commits
-
postgres_fdw and dblink should check if backend has MyProcPort
- 762fed90bfee 18.0 landed
- 138750dde4a8 19 (unreleased) landed
-
postgres_fdw: SCRAM authentication pass-through
- 761c79508e7f 18.0 landed