From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, k(dot)yudhveer(at)gmail(dot)com, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: BUG #16079: Question Regarding the BUG #16064 |
Date: | 2020-12-21 19:13:39 |
Message-ID: | 20201221191339.GN27507@tamriel.snowman.net |
Lists: | pgsql-bugs pgsql-hackers |
Greetings,
* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Mon, Dec 21, 2020 at 8:06 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> > > On Mon, Dec 21, 2020 at 7:44 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > > > BTW, do we have a client-side setting to insist that passwords not be
> > > > sent in MD5 hashing either? A person who is paranoid about this would
> > > > likely want to disable that code path as well.
> > >
> > > I don't think we do, and we possibly should. You can require channel
> > > binding which will require scram which solves the problem, but it does
> > > so only for scram.
> > >
> > > IIRC we've discussed having a parameter that says "allowed
> > > authentication methods" on the client as well, but I don't believe it
> > > has been built. But it wouldn't be bad to be able to for example force
> > > the client to only attempt gssapi auth, regardless of what the server
> > > asks for, and just fail if it's not there.
> >
> > The client is able to require a GSS encrypted connection, and a savvy
> > user will realize that they should 'kinit' (or equivalent) locally and
> > never provide their password explicitly to the psql (or equivalent)
> > command, but that's certainly less than ideal.
>
> Sure, but even if you do, then if you connect to a server that has gss
> support but is configured for password auth, it will perform password
> auth.
Right, and that's bad. Think we agree on that. I was just saying that
someone who understands how GSS works wouldn't actually provide their
password at that point. Trusting to that is definitely not sufficient
though.
> > Having a way to explicitly tell libpq what auth methods are acceptable
> > was discussed previously and does generally seem like a good idea, as
> > otherwise there's a lot of risk of what are essentially downgrade
> > attacks.
>
> That was my point exactly..
Yes, it was my intention to agree with you on this. :)
Thanks,
Stephen
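
The client-side "allowed authentication methods" check discussed in this thread, sketched as an added example that is not part of the original message and is not libpq code: it parses the server's first Authentication message from the PostgreSQL v3 wire protocol and refuses before any secret is sent if the requested method is outside an allow-list. The function names, the allow-list names and the sample messages are assumptions constructed for illustration.

```python
import struct

# Authentication request codes from the PostgreSQL v3 wire protocol.
AUTH_CODES = {0: "ok", 3: "password", 5: "md5", 7: "gss", 9: "sspi", 10: "sasl"}

class AuthPolicyError(Exception):
    """Server asked for a method the client-side allow-list forbids."""

def build_auth_request(code, payload=b""):
    """Constructed sample: 'R', Int32 length (self-inclusive), Int32 code, payload."""
    return b"R" + struct.pack("!II", 8 + len(payload), code) + payload

def parse_auth_request(msg):
    """Return (method, payload) for the first Authentication message of a session."""
    if len(msg) < 9 or msg[:1] != b"R":
        raise ValueError("not an Authentication message")
    length, code = struct.unpack("!II", msg[1:9])
    if length != len(msg) - 1:
        raise ValueError("length field does not match message size")
    if code not in AUTH_CODES:
        raise ValueError(f"unexpected authentication code {code}")
    return AUTH_CODES[code], msg[9:]

def choose_auth_method(msg, allowed):
    """Pick the method to answer with, or raise before any secret is sent.

    `allowed` is a hypothetical client-side allow-list, e.g. {"gss"} or
    {"scram-sha-256"}; the names are this example's own, not libpq options.
    """
    method, payload = parse_auth_request(msg)
    if method == "sasl":
        # Payload: NUL-terminated mechanism names, closed by an empty name.
        offered = [m.decode("ascii").lower() for m in payload.split(b"\0") if m]
        for mech in offered:
            if mech in allowed:
                return mech
        raise AuthPolicyError(f"server offered only {offered}")
    if method == "ok":
        # AuthenticationOk as the first message means no authentication at all.
        method = "none"
    if method not in allowed:
        raise AuthPolicyError(f"server requested '{method}', allowed: {sorted(allowed)}")
    return method
```

With an allow-list of `{"gss"}`, a server configured for password or MD5 authentication gets a connection failure instead of a password response, which is the behaviour asked for above.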