Home > mailing lists

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Proposal: Support custom authentication methods using hooks
Date	February 25, 2022 20:33:45
Msg-id	54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com Whole thread Raw
In response to	Re: Proposal: Support custom authentication methods using hooks (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Proposal: Support custom authentication methods using hooks (Tom Lane <tgl@sss.pgh.pa.us>) Re: Proposal: Support custom authentication methods using hooks (Andres Freund <andres@anarazel.de>)
List	pgsql-hackers

Tree view

On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
> ... and, since we can't readily enforce that the client only sends
> those cleartext passwords over suitably-encrypted connections, this
> could easily be a net negative for security.  Not sure that I think
> it's a good idea.

I don't understand your point. Can't you just use "hostssl" rather than
"host"?

Also there are some useful cases that don't really require SSL, like
when the client and host are on the same machine, or if you have a
network secured some other way.

Regards,
    Jeff Davis

pgsql-hackers by date:

From: Jeff Davis
Date: 25 February 2022, 20:29:24
Subject: Re: Proposal: Support custom authentication methods using hooks

From: Tom Lane
Date: 25 February 2022, 20:39:24
Subject: Re: Proposal: Support custom authentication methods using hooks

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

Previous

Next