Re: Add "password_protocol" connection parameter to libpq
From | Jeff Davis |
---|---|
Subject | Re: Add "password_protocol" connection parameter to libpq |
Date | |
Msg-id | 609482826475e0063c7d71b2449ae31c0d61b232.camel@j-davis.com |
In reply to | Re: Add "password_protocol" connection parameter to libpq (Stephen Frost <sfrost@snowman.net>) |
Responses | Re: Add "password_protocol" connection parameter to libpq |
List | pgsql-hackers |
On Fri, 2019-08-09 at 09:28 -0400, Stephen Frost wrote:
> Having an 'any' option, as mentioned before, could be an alternative
> though.

...

> I agree with the point that there isn't any guarantee that it'll always
> be clear-cut as to which of two methods is "better".
>
> From a user perspective, it seems like the main things are "don't send
> my password in the clear to the server", and "require channel binding to
> prove there isn't a MITM". I have to admit that I like the idea of
> requiring scram to be used and not allowing md5 though.

So it seems like we are leaning toward:

    password_protocol = any | {plaintext,md5,scram-sha-256,scram-sha-256-plus}[,...]

Or maybe:

    channel_binding = {disable|prefer|require}
    password_plaintext = {disable|enable}
    password_md5 = {disable|enable}

That seems reasonable. It's three options, but no normal use case would
need to set more than two, because channel binding forces
scram-sha-256-plus.

Regards,
    Jeff Davis