| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Simon Riggs <simon(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Letting the client choose the protocol to use during a SASL exchange |
| Date: | 2017-04-07 08:17:43 |
| Message-ID: | 06cd6212-0d22-d840-acae-4d5158321ed3@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 04/06/2017 11:16 PM, Simon Riggs wrote:
>> or it
>> can just ignore the list and send what it wants anyway, probably leading
>> to client disconnect.
> It would need to follow one of the requested protocols, but mark the
> request as doomed. Otherwise we'd be revealing information. That's
> what SCRAM does now.
It's not a secret today, what authentication method the server requires.
You can't really hide it, anyway, as the client could probe with
different lists of supported methods, and see which method the server
picks in each case.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2017-04-07 08:33:52 | Re: Letting the client choose the protocol to use during a SASL exchange |
| Previous Message | Tatsuo Ishii | 2017-04-07 08:06:20 | Re: pgbench - allow to store select results into variables |