Hi, On 2022-02-25 09:33:45 -0800, Jeff Davis wrote: > On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote: > > ... and, since we can't readily enforce that the client only sends > > those cleartext passwords over suitably-encrypted connections, this > > could easily be a net negative for security. Not sure that I think > > it's a good idea. > > I don't understand your point. Can't you just use "hostssl" rather than > "host"?
And the extension could check Port->ssl_in_use before sendAuthRequest(AUTH_REQ_PASSWORD) if it wanted to restrict it. Greetings, Andres Freund
