Re: Docs: Encourage strong server verification with SCRAM

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Jacob Champion <jchampion(at)timescale(dot)com>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>
Subject: Re: Docs: Encourage strong server verification with SCRAM
Date: 2023-05-25 17:29:12
Message-ID: ZG+a6Bac95yWytUK@tamriel.snowman.net
Lists: pgsql-hackers

Greetings,

* Jacob Champion (jchampion(at)timescale(dot)com) wrote:
> On 5/24/23 05:04, Daniel Gustafsson wrote:
> >> On 23 May 2023, at 23:02, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >> Perhaps more succinctly- maybe we should be making adjustments to the
> >> current language instead of just adding a new paragraph.
> >
> > +1
>
> I'm 100% on board for doing that as well, but the "instead of"
> suggestion makes me think I didn't explain my goal very well. For
> example, Stephen, you said
>
> > I have to admit that the patch as presented strikes me as a warning
> > without really providing steps for how to address the issues mentioned
> > though; there's a reference to what was just covered at the bottom but
> > nothing really new.
>
> but the last sentence of my patch *is* the suggested step:
>
> > + ... It's recommended to employ strong server
> > + authentication, using one of the above anti-spoofing measures, to prevent
> > + these attacks.

I was referring specifically to that ordering as not being ideal or in
line with the rest of the flow of that section. We should integrate the
concerns higher in the section where we outline the reason these things
matter and then follow those with the specific steps for how to address
them, not give a somewhat unclear reference from the very bottom back up
to something above.

Thanks,

Stephen
