Home > mailing lists

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Proposal: Support custom authentication methods using hooks
Date	February 25, 2022 21:57:41
Msg-id	2718414dc095b716e59e126c03af343997d14c7b.camel@j-davis.com Whole thread Raw
In response to	Re: Proposal: Support custom authentication methods using hooks (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Proposal: Support custom authentication methods using hooks (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Fri, 2022-02-25 at 12:39 -0500, Tom Lane wrote:
> My point is that sending cleartext passwords over the wire is an
> insecure-by-definition protocol that we shouldn't be encouraging
> more use of.

We can require custom auth entries in pg_hba.conf to also specify
local, hostssl or hostgssenc.

It might annoy people who have a network secured at some other layer,
or who have the client on the same machine as the host. We could allow
plain "host" if someone specifies "customplain" explicitly.

Regards,
    Jeff Davis

pgsql-hackers by date:

From: David Christensen
Date: 25 February 2022, 21:56:16
Subject: Re: [PATCH] add relation and block-level filtering to pg_waldump

From: Shmuel Kamensky
Date: 25 February 2022, 21:57:51
Subject: Re: C++ Trigger Framework

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

Previous

Next