Re: Docs: Encourage strong server verification with SCRAM - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: Docs: Encourage strong server verification with SCRAM
Date
Msg-id 6DE921FD-13FD-479A-9C52-D20C81E99A04@yesql.se
In response to Re: Docs: Encourage strong server verification with SCRAM  (Michael Paquier <michael@paquier.xyz>)
Responses Re: Docs: Encourage strong server verification with SCRAM
List pgsql-hackers
> On 31 May 2023, at 23:14, Michael Paquier <michael@paquier.xyz> wrote:
> On Wed, May 31, 2023 at 10:08:39AM -0400, Jacob Champion wrote:

>> LGTM!
> 
> Okay.  Does anybody have any comments and/or objections? 

LGTM. As a small nitpick, I think this sentence is a little bit misleading:

    "..can use offline analysis to determine the hashed password from
     the client"

It's true that an attacker can use offline analysis but it makes it sound
easier than it might be in practice.  I would have written "to potentially
determine".

--
Daniel Gustafsson



