Re: [HACKERS] PG 10 release notes
From | Michael Paquier |
---|---|
Subject | Re: [HACKERS] PG 10 release notes |
Date | |
Msg-id | CAB7nPqQCxOG+qwgDYAAOm7NREhJdfKcpzJNivF8CM-47EBa9vw@mail.gmail.com |
In response to | Re: [HACKERS] PG 10 release notes (Bruce Momjian <bruce@momjian.us>) |
Responses |
Re: [HACKERS] PG 10 release notes
|
List | pgsql-hackers |
On Wed, Apr 26, 2017 at 12:20 AM, Bruce Momjian <bruce@momjian.us> wrote:
> On Tue, Apr 25, 2017 at 02:39:40PM +0900, Michael Paquier wrote:
>> <para>
>> Add <link linkend="auth-pg-hba-conf"><literal>SCRAM-SHA-256</></>
>> support for password negotiation and storage (Michael
>> Paquier, Heikki Linnakangas)
>> </para>
>> <para>
>> This proves better security than the existing 'md5' negotiation and
>> storage method.
>> </para>
>> This is quite vague...
>
> Can you give me better text? I can't think of any.

Sure, here is an idea:
Add support for SASL authentication using protocol mechanism SCRAM-SHA-256 per RFC 5802 and 7677. (adding a reference to the RFCs with a link seems important to me).

SCRAM-SHA-256 improves deficiencies of MD5 password hashing by preventing any kind of pass-the-hash vulnerabilities, where a user would be able to connect to a PostgreSQL instance by just knowing the hash of a password and not the password itself.
--
Michael
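The property described in the message above, as an added example that is not part of the original e-mail or of PostgreSQL's code: it compares what the server stores under `md5` with what it stores under SCRAM-SHA-256 (RFC 5802 key derivation) and checks whether the stored value alone is enough to pass verification. All function names are hypothetical, the salts and `AuthMessage` are constructed placeholders, and SASLprep normalization is skipped on the assumption of an ASCII password.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def md5_stored(password: str, user: str) -> str:
    # 'md5' method: the server stores "md5" + md5(password || username).
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def md5_response(stored: str, salt: bytes) -> str:
    # The wire response needs only the stored hash and the server's salt.
    return "md5" + hashlib.md5(stored[3:].encode() + salt).hexdigest()

def md5_server_check(stored: str, salt: bytes, response: str) -> bool:
    return hmac.compare_digest(md5_response(stored, salt), response)

def scram_client_key(password: str, salt: bytes, iterations: int) -> bytes:
    # RFC 5802: SaltedPassword = Hi(password, salt, i), Hi being PBKDF2-HMAC.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return _hmac(salted, b"Client Key")

def scram_stored_key(password: str, salt: bytes, iterations: int) -> bytes:
    # The server keeps StoredKey = H(ClientKey), never ClientKey itself.
    return hashlib.sha256(scram_client_key(password, salt, iterations)).digest()

def scram_proof(client_key: bytes, auth_message: bytes) -> bytes:
    # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)
    stored_key = hashlib.sha256(client_key).digest()
    return _xor(client_key, _hmac(stored_key, auth_message))

def scram_server_check(stored_key: bytes, auth_message: bytes, proof: bytes) -> bool:
    # Recover the claimed ClientKey and compare its hash to StoredKey.
    claimed = _xor(proof, _hmac(stored_key, auth_message))
    return hmac.compare_digest(hashlib.sha256(claimed).digest(), stored_key)

if __name__ == "__main__":
    salt4, salt, auth = b"\x01\x02\x03\x04", b"constructed-salt", b"constructed AuthMessage"
    stored = md5_stored("secret", "alice")
    print("md5: response built from stored hash accepted:",
          md5_server_check(stored, salt4, md5_response(stored, salt4)))
    sk = scram_stored_key("secret", salt, 4096)
    ck = scram_client_key("secret", salt, 4096)
    print("SCRAM: proof from password accepted:", scram_server_check(sk, auth, scram_proof(ck, auth)))
    print("SCRAM: proof from StoredKey accepted:", scram_server_check(sk, auth, scram_proof(sk, auth)))
```

The last check fails because the server hashes the recovered key before comparing, so a value that only matches `StoredKey` never hashes back to it.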