Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

From Joshua Brindle
Subject Re: Proposal: Support custom authentication methods using hooks
Date
Msg-id CAGB+Vh488Wj003+z_is1QKsOxDWBnmWxLgXokjf2KCR18+M2fw@mail.gmail.com
In response to Re: Proposal: Support custom authentication methods using hooks  (Tatsuo Ishii <ishii@sraoss.co.jp>)
List pgsql-hackers
On Fri, Mar 4, 2022 at 6:03 PM Tatsuo Ishii <ishii@sraoss.co.jp> wrote:
>
> >> I still don't understand why using plaintext password authentication
> >> over SSL connection is considered insecure. Actually we have been
> >> stating opposite in the manual:
> >> https://www.postgresql.org/docs/14/auth-password.html
> >>
> >> "If the connection is protected by SSL encryption then password can be
> >> used safely, though."
> >
> > If you aren't doing client verification (i.e., cert in pg_hba) and are
> > not doing verify-full on the client side then a man-in-the-middle
> > attack on TLS is trivial, and the plaintext password will be
> > sniffable.
>
> So the plaintext password is safe if used with hostssl + verify-full
> (server side) and sslmode = verify-full (client side), right?
>

That would be safe-in-transit so long as everything was configured
properly and all certificates were protected. Unfortunately PG doesn't
make this incredibly easy to implement, it allows only 1 client root
cert, the client side doesn't understand system certificate stores or
PKI, etc.

Further, if someone gains access to the password hashes there is still
a pass-the-hash vulnerability, though.
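The two conditions named in the reply above (server side: a hostssl rule with clientcert=verify-full; client side: sslmode=verify-full) and the pass-the-hash point, as an added Python example that is not part of this thread or of PostgreSQL's own code. The pg_hba.conf sample and the conninfo strings are constructed for the example; the md5 formulas follow PostgreSQL's md5 method ('md5' + md5(md5(password || username) || salt), with 'md5' + md5(password || username) being what the server stores), and the sslmode default of 'prefer' is libpq's.

```python
"""Audit pg_hba.conf rules and a libpq conninfo string against the two
conditions discussed above, and show why a stored md5 verifier is itself
a credential. Added example; not code from the thread or from PostgreSQL."""
import hashlib
import re

# Constructed sample pg_hba.conf (not from the thread), one rule per case:
# plaintext without guaranteed TLS, plaintext over TLS without client-cert
# verification, the hostssl + clientcert=verify-full form, SCRAM, and md5.
SAMPLE_PG_HBA = """\
# TYPE    DATABASE  USER  ADDRESS      METHOD         [OPTIONS]
host      all       all   10.0.0.0/8   password
hostssl   all       all   10.0.0.0/8   password
hostssl   all       all   10.0.0.0/8   password       clientcert=verify-full
hostssl   all       all   10.0.0.0/8   scram-sha-256
hostnossl all       all   0.0.0.0/0    md5
"""


def parse_pg_hba(text):
    """Parse pg_hba.conf rules into dicts; 'local' rules carry no ADDRESS field."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            conn, method, opts = f[0], f[3], f[4:]
        else:
            conn, method, opts = f[0], f[4], f[5:]
        options = dict(o.split("=", 1) for o in opts if "=" in o)
        rules.append({"line": lineno, "type": conn, "method": method, "options": options})
    return rules


def audit_pg_hba(text):
    """Return (line, message) findings for the weaknesses discussed above."""
    findings = []
    for r in parse_pg_hba(text):
        if r["method"] == "password" and r["type"] != "hostssl":
            findings.append((r["line"], "plaintext password on a rule that accepts non-TLS connections"))
        elif r["method"] == "password" and r["options"].get("clientcert") != "verify-full":
            findings.append((r["line"], "plaintext password over TLS without clientcert=verify-full"))
        if r["method"] == "md5":
            findings.append((r["line"], "md5: the stored verifier alone answers the challenge (pass the hash)"))
    return findings


def client_sslmode_ok(conninfo):
    """True only when a libpq conninfo string pins the server identity with
    sslmode=verify-full. libpq's default when sslmode is absent is 'prefer',
    which neither requires TLS nor verifies the server certificate."""
    m = re.search(r"\bsslmode=(\S+)", conninfo)
    mode = m.group(1) if m else "prefer"
    return mode == "verify-full"


def pg_md5_verifier(password, user):
    """What the server stores for md5 auth: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()


def pg_md5_response_from_password(password, user, salt):
    """What a client with the password sends for a 4-byte md5 challenge salt."""
    inner = hashlib.md5((password + user).encode()).hexdigest()
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()


def pg_md5_response_from_verifier(verifier, salt):
    """The identical response computed by someone holding only the stored
    verifier: strip the 'md5' prefix and hash the inner digest with the salt."""
    return "md5" + hashlib.md5(verifier[3:].encode() + salt).hexdigest()


if __name__ == "__main__":
    for line, msg in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"pg_hba.conf line {line}: {msg}")
    for ci in ("host=db user=app sslmode=verify-full", "host=db user=app sslmode=require"):
        print(f"{ci!r}: {'ok' if client_sslmode_ok(ci) else 'server identity not verified'}")
    salt = b"\x01\x02\x03\x04"  # constructed challenge salt
    stolen = pg_md5_verifier("s3cret", "app")
    print("pass-the-hash works:",
          pg_md5_response_from_verifier(stolen, salt) == pg_md5_response_from_password("s3cret", "app", salt))
```

The audit flags only what the reply states: a 'password' rule that is not hostssl, a hostssl 'password' rule without clientcert=verify-full, and md5 rules, whose stored verifier is enough to answer the server's challenge without ever knowing the password. The client-side check is the other half of the same condition: without sslmode=verify-full the client does not verify the server's identity, so the server-side setting alone does not stop the password reaching an interposed peer.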


