Re: Docs: Encourage strong server verification with SCRAM

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Jacob Champion <jchampion(at)timescale(dot)com>
Cc: Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>
Subject: Re: Docs: Encourage strong server verification with SCRAM
Date: 2023-05-25 17:29:12
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


* Jacob Champion (jchampion(at)timescale(dot)com) wrote:
> On 5/24/23 05:04, Daniel Gustafsson wrote:
> >> On 23 May 2023, at 23:02, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> >> Perhaps more succinctly- maybe we should be making adjustments to the
> >> current language instead of just adding a new paragraph.
> >
> > +1
> I'm 100% on board for doing that as well, but the "instead of"
> suggestion makes me think I didn't explain my goal very well. For
> example, Stephen, you said
> > I have to admit that the patch as presented strikes me as a warning
> > without really providing steps for how to address the issues mentioned
> > though; there's a reference to what was just covered at the bottom but
> > nothing really new.
> but the last sentence of my patch *is* the suggested step:
> > + ... It's recommended to employ strong server
> > + authentication, using one of the above anti-spoofing measures, to prevent
> > + these attacks.

I was referring specifically to that ordering as not being ideal or in
line with the rest of the flow of that section. We should integrate the
concerns higher in the section where we outline the reason these things
matter and then follow those with the specific steps for how to address
them, not give a somewhat unclear reference from the very bottom back up
to something above.



In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Dagfinn Ilmari Mannsåker 2023-05-25 17:34:20 Re: Implement generalized sub routine find_in_log for tap test
Previous Message Heikki Linnakangas 2023-05-25 17:14:23 Re: ResourceOwner refactoring