| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net>, Álvaro Hernández Tortosa <aht(at)8kdata(dot)com> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Some thoughts about SCRAM implementation |
| Date: | 2017-04-14 19:20:33 |
| Message-ID: | 0711fe6c-557d-806c-14b4-f363b65e822b@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 4/11/17 09:03, Magnus Hagander wrote:
> I would expect most enterprise customers who care about MITM protection
> are already using either TLS or ipsec to cover that already. They have
> benefit from the other parts of SCRAM, but they've already solved those
> problems.
Yeah, I think if you're concerned about MITM then you would also be
concerned about MITM siphoning off your data. So you should be using
TLS and then you don't need channel binding.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2017-04-14 19:23:10 | PANIC in pg_commit_ts slru after crashes |
| Previous Message | Petr Jelinek | 2017-04-14 19:11:02 | Re: logical replication and PANIC during shutdown checkpoint in publisher |