| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Postgres 11 release notes |
| Date: | 2018-05-16 11:59:23 |
| Message-ID: | 20180516115923.GB14835@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-www |
On Wed, May 16, 2018 at 01:09:07PM +0300, Heikki Linnakangas wrote:
> I have to agree with Bruce, that it's pretty useless to implement channel
> binding, if there is no way to require it in libpq. IMHO that must be
> fixed.
Wouldn't we want to also do something for the case where a client is
willing to use SCRAM but that the server forces back MD5? In which
case, one possibility is a connection parameter like the following,
named say authmethod:
- An empty value is equivalent to the current behavior, and is the
default.
- 'scram' means that client is willing to use SCRAM, which would cause a
failure if server attempts to enforce MD5.
- 'scram-plus' means that client enforces SCRAM and channel binding.
Or we could just have a channel_binding_mode, which has a "require"
value like sslmode, and "prefer" mode, which is the default and the
current behavior... Still what to do with MD5 requests in this case?
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stas Kelvich | 2018-05-16 12:02:02 | Re: Global snapshots |
| Previous Message | Arthur Zakirov | 2018-05-16 11:36:33 | Re: [PROPOSAL] Shared Ispell dictionaries |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2018-05-16 13:08:30 | Re: Loss of boldface on syntax synopsis, v10 & devel |
| Previous Message | Heikki Linnakangas | 2018-05-16 10:50:04 | Re: Postgres 11 release notes |