Quick Links

Re: Proposal: Support custom authentication methods using hooks

From:	Jeff Davis <pgsql(at)j-davis(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	samay sharma <smilingsamay(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: Proposal: Support custom authentication methods using hooks
Date:	2022-02-25 18:57:41
Message-ID:	2718414dc095b716e59e126c03af343997d14c7b.camel@j-davis.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, 2022-02-25 at 12:39 -0500, Tom Lane wrote:
> My point is that sending cleartext passwords over the wire is an
> insecure-by-definition protocol that we shouldn't be encouraging
> more use of.

We can require custom auth entries in pg_hba.conf to also specify
local, hostssl or hostgssenc.

It might annoy people who have a network secured at some other layer,
or who have the client on the same machine as the host. We could allow
plain "host" if someone specifies "customplain" explicitly.

Regards,
Jeff Davis

In response to

Re: Proposal: Support custom authentication methods using hooks at 2022-02-25 17:39:24 from Tom Lane

Responses

Re: Proposal: Support custom authentication methods using hooks at 2022-02-25 19:10:39 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Shmuel Kamensky	2022-02-25 18:57:51	Re: C++ Trigger Framework
Previous Message	David Christensen	2022-02-25 18:56:16	Re: [PATCH] add relation and block-level filtering to pg_waldump