Home > mailing lists

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Proposal: Support custom authentication methods using hooks
Date	February 25, 2022 20:39:24
Msg-id	1905579.1645810764@sss.pgh.pa.us Whole thread Raw
In response to	Re: Proposal: Support custom authentication methods using hooks (Jeff Davis <pgsql@j-davis.com>)
Responses	Re: Proposal: Support custom authentication methods using hooks ("Jonathan S. Katz" <jkatz@postgresql.org>) Re: Proposal: Support custom authentication methods using hooks (Jeff Davis <pgsql@j-davis.com>)
List	pgsql-hackers

Tree view

Jeff Davis <pgsql@j-davis.com> writes:
> On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
>> ... and, since we can't readily enforce that the client only sends
>> those cleartext passwords over suitably-encrypted connections, this
>> could easily be a net negative for security.  Not sure that I think
>> it's a good idea.

> I don't understand your point. Can't you just use "hostssl" rather than
> "host"?

My point is that sending cleartext passwords over the wire is an
insecure-by-definition protocol that we shouldn't be encouraging
more use of.

            regards, tom lane

pgsql-hackers by date:

From: Jeff Davis
Date: 25 February 2022, 20:33:45
Subject: Re: Proposal: Support custom authentication methods using hooks

From: Andres Freund
Date: 25 February 2022, 20:40:53
Subject: Re: Proposal: Support custom authentication methods using hooks

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

Previous

Next