On 21.09.22 17:33, Jacob Champion wrote:
> On Fri, Sep 16, 2022 at 1:29 PM Jacob Champion <jchampion@timescale.com> wrote:
>> I'm happy to implement proofs of concept for that, or any other ideas,
>> given the importance of getting this "right enough" the first time.
>> Just let me know.
>
> v8 rebases over the postgres_fdw HINT changes; there are no functional
> differences.
So let's look at the two TODO comments you have:
* TODO: how should !auth_required interact with an incomplete
* SCRAM exchange?
What specific combination of events are you thinking of here?
/*
* If implicit GSS auth has already been performed via GSS
* encryption, we don't need to have performed an
* AUTH_REQ_GSS exchange.
*
* TODO: check this assumption. What mutual auth guarantees
* are made in this case?
*/
I don't understand the details involved here, but I would be surprised
if this assumption is true. For example, does GSS encryption deal with
user names and a user name map? I don't see how these can be
equivalent. In any case, it seems to me that it would be safer to *not*
make this assumption at first and then have someone more knowledgeable
make the argument that it would be safe.