Home > mailing lists

[HACKERS] Authentification method on client side checking - Mailing list pgsql-hackers

From	Victor Drobny
Subject	[HACKERS] Authentification method on client side checking
Date	July 9, 2017 22:47:29
Msg-id	c5cb08f4cce46ff661ad287fadaa1b2a@postgrespro.ru Whole thread Raw
Responses	Re: [HACKERS] Authentification method on client side checking
List	pgsql-hackers

Tree view

Hello,

Despite the addition of SCRAM authentification to PostgreSQL 10, MITM 
attack can be performed by saying that the server supports, for example, 
only md5 authentication. The possible solution for it is checking 
authentification method on a client side and reject connections that 
could be unsafe.

Postgresql server can require unencrypted password passing, md5, scram, 
gss or sspi authentification.

In the attached patch you can find the solution for it. The new provided 
features are the following:
The parameter with acceptable authentification methods can be passed 
into connection methods of libpq library.
Also, this parameter can be specified to psql as a command line 
argument.
The documentation for command line arguments of psql and arguments of 
libpq methods are also presented.

Thank you for attention!

Best,
-- 
------
Victor Drobny
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company
-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Attachment

authentification_method_on_client_check.patch

pgsql-hackers by date:

From: "Mengxing Liu"
Date: 09 July 2017, 22:38:35
Subject: [HACKERS] [GSOC][weekly report 5] Eliminate O(N^2) scaling from rw-conflicttracking in serializable transactions

From: Martin Mai
Date: 09 July 2017, 23:27:25
Subject: Re: [HACKERS] [PATCH] Minor typo in the source repository documentation

[HACKERS] Authentification method on client side checking - Mailing list pgsql-hackers

Attachment

Previous

Next