From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256 |
Date: | 2017-11-28 16:10:25 |
Message-ID: | 2751aafc-8341-1c3d-c3e2-5abed914a6a4@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-jdbc |
On 11/26/17 06:59, Michael Paquier wrote:
> On Tue, Nov 21, 2017 at 1:36 PM, Michael Paquier
> <michael(dot)paquier(at)gmail(dot)com> wrote:
>> So attached are rebased patches:
>> - 0001 to introduce the connection parameter saslchannelbinding, which
>> allows libpq to enforce the type of channel binding used during an
>> exchange.
>> - 0002 to add tls-endpoint as channel binding type, which is where 0001 shines.
>
> Attached is a rebased patch set, documentation failing to compile. I
> am moving at the same time this patch set to the next commit fest.
I think these are SCRAM channel bindings, not SASL channel bindings, so
the parameter should be named accordingly.
I also wonder whether there should be a mechanism to turn off channel
binding from the client. Right now, there is no way to test the
non-PLUS mechanism in an SSL build.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Alexander Korotkov | 2017-11-28 16:11:05 | Re: [PATCH] Atomic pgrename on Windows |
Previous Message | Robert Haas | 2017-11-28 16:07:45 | Re: explain analyze output with parallel workers - question about meaning of information for explain.depesz.com |
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2017-11-28 17:41:34 | Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256 |
Previous Message | Vladimir Sitnikov | 2017-11-28 08:37:36 | [pgjdbc/pgjdbc] fd0eee: fix: avoid reflective access to TimeZone.defaultTi... |