From: | Victor Drobny <v(dot)drobny(at)postgrespro(dot)ru> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Authentification method on client side checking |
Date: | 2017-07-09 16:47:29 |
Message-ID: | c5cb08f4cce46ff661ad287fadaa1b2a@postgrespro.ru |
Lists: | pgsql-hackers |
Hello,

Despite the addition of SCRAM authentication to PostgreSQL 10, a MITM
attack can be performed by saying that the server supports, for example,
only md5 authentication. The possible solution for it is checking the
authentication method on the client side and rejecting connections that
could be unsafe.

A PostgreSQL server can require unencrypted password passing, md5, scram,
gss or sspi authentication.

In the attached patch you can find the solution for it. The new provided
features are the following:

The parameter with acceptable authentication methods can be passed
into connection methods of the libpq library.

Also, this parameter can be specified to psql as a command line
argument.

The documentation for command line arguments of psql and arguments of
libpq methods is also presented.

Thank you for your attention!
Best,
--
------
Victor Drobny
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company
Attachment | Content-Type | Size |
---|---|---|
authentification_method_on_client_check.patch | text/x-diff | 5.8 KB |
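
The client-side check this message proposes, sketched as an added example (not code from the attached patch or from libpq): it parses the server's first authentication request and refuses any method outside a client-chosen allow-list. The `ALLOW_*` bits, the function names and the sample messages are assumptions made for illustration; the request codes and the `SCRAM-SHA-256` mechanism name are those of the PostgreSQL wire protocol.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Authentication request codes defined by the PostgreSQL wire protocol. */
enum { AUTH_CLEARTEXT = 3, AUTH_MD5 = 5, AUTH_GSS = 7, AUTH_SSPI = 9, AUTH_SASL = 10 };
/* Hypothetical client-side allow-list bits (not the patch's parameter). */
enum { ALLOW_PASSWORD = 1, ALLOW_MD5 = 2, ALLOW_SCRAM = 4, ALLOW_GSS = 8, ALLOW_SSPI = 16 };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* SASL body: NUL-terminated mechanism names, closed by an empty name. */
static int offers_scram(const unsigned char *p, size_t n) {
    while (n > 0 && *p != '\0') {
        const unsigned char *end = memchr(p, '\0', n);
        if (end == NULL) return 0;            /* unterminated name */
        if (strcmp((const char *)p, "SCRAM-SHA-256") == 0) return 1;
        n -= (size_t)(end - p) + 1;
        p = end + 1;
    }
    return 0;
}

/* First server message: 1 = acceptable, 0 = refuse, -1 = malformed. */
int check_auth_request(const unsigned char *msg, size_t len, unsigned allowed) {
    if (len < 9 || msg[0] != 'R') return -1;
    if ((size_t)be32(msg + 1) != len - 1) return -1;   /* length excludes type byte */
    switch (be32(msg + 5)) {
    case AUTH_CLEARTEXT: return (allowed & ALLOW_PASSWORD) != 0;
    case AUTH_MD5:       return len == 13 ? (allowed & ALLOW_MD5) != 0 : -1;
    case AUTH_GSS:       return (allowed & ALLOW_GSS) != 0;
    case AUTH_SSPI:      return (allowed & ALLOW_SSPI) != 0;
    case AUTH_SASL:      return (allowed & ALLOW_SCRAM) && offers_scram(msg + 9, len - 9);
    default:             return 0;   /* includes AuthenticationOk with no challenge */
    }
}

/* Constructed sample messages, not captured traffic. */
static const unsigned char MSG_MD5[] = {'R', 0,0,0,12, 0,0,0,5, 0xde,0xad,0xbe,0xef};
static const unsigned char MSG_SASL[] = {'R', 0,0,0,23, 0,0,0,10,
    'S','C','R','A','M','-','S','H','A','-','2','5','6', 0, 0};

int main(void) {
    printf("md5:  %d\n", check_auth_request(MSG_MD5, sizeof MSG_MD5, ALLOW_SCRAM));
    printf("sasl: %d\n", check_auth_request(MSG_SASL, sizeof MSG_SASL, ALLOW_SCRAM));
    return 0;
}
```

A client that allows only SCRAM refuses the md5 request here, so a downgraded challenge ends the connection before any password-derived value is sent.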