From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, samay sharma <smilingsamay(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Proposal: Support custom authentication methods using hooks |
Date: | 2022-02-25 17:40:53 |
Message-ID: | 20220225174053.grc7q2cqlo5t2vet@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi,
On 2022-02-25 09:33:45 -0800, Jeff Davis wrote:
> On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote:
> > ... and, since we can't readily enforce that the client only sends
> > those cleartext passwords over suitably-encrypted connections, this
> > could easily be a net negative for security. Not sure that I think
> > it's a good idea.
>
> I don't understand your point. Can't you just use "hostssl" rather than
> "host"?
And the extension could check Port->ssl_in_use before sendAuthRequest(AUTH_REQ_PASSWORD)
if it wanted to restrict it.
Greetings,
Andres Freund
From | Date | Subject | |
---|---|---|---|
Next Message | Matthias van de Meent | 2022-02-25 17:49:42 | Re: Report checkpoint progress with pg_stat_progress_checkpoint (was: Report checkpoint progress in server logs) |
Previous Message | Tom Lane | 2022-02-25 17:39:24 | Re: Proposal: Support custom authentication methods using hooks |