Re: Proposal: Support custom authentication methods using hooks

From Tatsuo Ishii
Subject Re: Proposal: Support custom authentication methods using hooks
Date
Msg-id 20220305.080337.381345932292253507.t-ishii@sranhm.sra.co.jp
In reply to Re: Proposal: Support custom authentication methods using hooks  (Joshua Brindle <joshua.brindle@crunchydata.com>)
Responses Re: Proposal: Support custom authentication methods using hooks  (Joshua Brindle <joshua.brindle@crunchydata.com>)
List pgsql-hackers
>> I still don't understand why using plaintext password authentication
>> over SSL connection is considered insecure. Actually we have been
>> stating the opposite in the manual:
>> https://www.postgresql.org/docs/14/auth-password.html
>>
>> "If the connection is protected by SSL encryption then password can be
>> used safely, though."
> 
> If you aren't doing client verification (i.e., cert in pg_hba) and are
> not doing verify-full on the client side then a man-in-the-middle
> attack on TLS is trivial, and the plaintext password will be
> sniffable.

So the plaintext password is safe if used with hostssl + verify-full
(server side) and sslmode = verify-full (client side), right?

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
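
An added example, not part of the original message or of PostgreSQL: a small audit of the two conditions discussed above. It flags pg_hba.conf rules that use `password` without `hostssl` and `clientcert=verify-full`, and libpq keyword/value connection strings whose `sslmode` is not `verify-full`. The sample rules, host names and paths are constructed, and the parser assumes each ADDRESS is a single field.

```python
import shlex

# Constructed sample inputs (not taken from the thread).
SAMPLE_HBA = """\
# TYPE   DATABASE USER ADDRESS      METHOD
local    all      all               peer
host     all      all  10.0.0.0/8   password
hostssl  all      all  10.0.0.0/8   password
hostssl  all      all  10.0.0.0/8   password clientcert=verify-full
hostssl  all      all  0.0.0.0/0    scram-sha-256
"""
SAMPLE_CONNINFO = [
    "host=db.example.internal dbname=app user=app sslmode=require",
    "host=db.example.internal dbname=app user=app sslmode=verify-full "
    "sslrootcert=/etc/ssl/pg-root.crt",
    "host=db.example.internal dbname=app user=app",
]

def audit_hba(text):
    """Return (line_no, reason) for `password` rules missing the server-side conditions."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)
        # Assumption: ADDRESS is one field (CIDR or host name), so METHOD is field 5.
        if len(fields) < 5 or fields[0] == "local" or fields[4] != "password":
            continue
        options = dict(opt.partition("=")[::2] for opt in fields[5:])
        if fields[0] != "hostssl":
            findings.append((no, "password rule is not restricted to TLS (not hostssl)"))
        elif options.get("clientcert") != "verify-full":
            findings.append((no, "hostssl password rule without clientcert=verify-full"))
    return findings

def client_sslmode(conninfo):
    """Effective sslmode of a keyword/value conninfo string; libpq defaults to 'prefer'."""
    params = dict(kv.partition("=")[::2] for kv in shlex.split(conninfo))
    return params.get("sslmode", "prefer")

def weak_clients(conninfos):
    """Connection strings that do not verify the server certificate and host name."""
    return [c for c in conninfos if client_sslmode(c) != "verify-full"]

if __name__ == "__main__":
    for no, reason in audit_hba(SAMPLE_HBA):
        print(f"pg_hba.conf line {no}: {reason}")
    for c in weak_clients(SAMPLE_CONNINFO):
        print(f"client sslmode={client_sslmode(c)}: {c}")
```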
