From: | Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> |
---|---|
To: | sfrost(at)snowman(dot)net |
Cc: | ishii(at)sraoss(dot)co(dot)jp, jkatz(at)postgresql(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us, pgsql(at)j-davis(dot)com, smilingsamay(at)gmail(dot)com, pgsql-hackers(at)lists(dot)postgresql(dot)org, andres(at)anarazel(dot)de |
Subject: | Re: Proposal: Support custom authentication methods using hooks |
Date: | 2022-03-04 04:50:42 |
Message-ID: | 20220304.135042.469462829650498133.t-ishii@sranhm.sra.co.jp |
Lists: | pgsql-hackers |
>> So, dropping plaintext password authentication support from libpq will
>> make it impossible for users to use the former method.
>
> Yes, just like dropping support for md5 would make it impossible for
> users to have their passwords be hashed with md5, which is an altogether
> good thing considering how easy it is to brute-force md5 these days.

I still don't understand why using plaintext password authentication
over an SSL connection is considered insecure. Actually we have been
stating the opposite in the manual:

https://www.postgresql.org/docs/14/auth-password.html

"If the connection is protected by SSL encryption then password can be
used safely, though."

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp