Home > mailing lists

Add "password_protocol" connection parameter to libpq - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Add "password_protocol" connection parameter to libpq
Date	August 9, 2019 01:38:20
Msg-id	227015d8417f2b4fef03f8966dbfa5cbcc4f44da.camel@j-davis.com Whole thread Raw
Responses	Re: Add "password_protocol" connection parameter to libpq (Michael Paquier <michael@paquier.xyz>)
List	pgsql-hackers

Tree view

Libpq doesn't have a way to control which password protocols are used.
For example, the client might expect the server to be using SCRAM, but
it actually ends up using plain password authentication instead.

This patch adds:

  password_protocol = {plaintext|md5|scram-sha-256|scram-sha-256-plus}

as a connection parameter. Libpq will then reject any authentication
request from the server that is less secure than this setting. Setting
it to "plaintext" (default) will answer to any kind of authentication
request.

I'm not 100% happy with the name "password_protocol", but other names I
could think of seemed likely to cause confusion.

Regards,
    Jeff Davis

Attachment

0001-Add-password_protocol-connection-parameter-to-libpq.patch

pgsql-hackers by date:

From: Stephen Frost
Date: 09 August 2019, 01:31:42
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)

From: Bruce Momjian
Date: 09 August 2019, 03:24:00
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)

Add "password_protocol" connection parameter to libpq - Mailing list pgsql-hackers

Attachment

Previous

Next