On Thu, Mar 3, 2022 at 11:50 PM Tatsuo Ishii <is...@sraoss.co.jp> wrote:
>
> >> So, dropping plaintext password authentication support from libpq will
> >> make it impossible for users to use the former method.
> >
> > Yes, just like dropping support for md5 would make it impossible for
> > users to have their passwords be hashed with md5, which is an altogether
> > good thing considering how easy it is to brute-force md5 these days.
>
> I still don't understand why using plaintext password authentication
> over an SSL connection is considered insecure. Actually we have been
> stating the opposite in the manual:
> https://www.postgresql.org/docs/14/auth-password.html
>
> "If the connection is protected by SSL encryption then password can be
> used safely, though."
If you aren't doing client verification (i.e., cert in pg_hba) and are not doing verify-full on the client side then a man-in-the-middle attack on TLS is trivial, and the plaintext password will be sniffable. The documentation should be updated to say under no circumstances is this safe.
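To make the condition in the reply above concrete, here is an added example (not code from this thread, from PostgreSQL or from libpq) that classifies a keyword=value libpq connection string by whether a password sent over it is sniffable by a TLS man-in-the-middle, and checks whether a pg_hba.conf rule requires a verified client certificate. The eavesdropping/MITM table follows the libpq documentation for sslmode; the connection strings and pg_hba lines are constructed samples, the URI (postgresql://) form is not parsed, and pg_hba addresses are assumed to be in CIDR form.

```python
"""Classify libpq connection strings and pg_hba.conf rules by the TLS
protection they actually give to a password sent over the wire.

Added example for this thread, not PostgreSQL or libpq code. The sslmode
table follows the libpq documentation; the DSNs and pg_hba lines in the
tests are constructed samples. Only the keyword=value DSN form is parsed.
"""
import re

# (eavesdropping protection, MITM protection) per libpq sslmode.
# verify-ca checks the chain but not the hostname, so its MITM protection
# depends on the CA never issuing a server cert to anyone else.
SSLMODE_PROTECTION = {
    "disable":     (False, "none"),
    "allow":       (False, "none"),
    "prefer":      (False, "none"),         # libpq default when unset
    "require":     (True,  "none"),         # encrypted, any server cert accepted
    "verify-ca":   (True,  "conditional"),
    "verify-full": (True,  "full"),         # chain and hostname both checked
}

# key=value, or key = 'quoted value' with \' and \\ escapes, as libpq accepts
DSN_TOKEN = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|\S+)")


def parse_dsn(dsn):
    """Parse a keyword=value libpq connection string into a dict."""
    params = {}
    for key, value in DSN_TOKEN.findall(dsn):
        if value.startswith("'"):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])   # unescape quoted value
        params[key] = value
    return params


def password_exposure(dsn):
    """Return 'exposed', 'conditional' or 'protected' for the password in DSN.

    The password is exposed whenever the client does not pin the server's
    identity: an attacker who terminates TLS in the middle receives it in
    the clear even though the connection was "encrypted".
    """
    params = parse_dsn(dsn)
    mode = params.get("sslmode", "prefer")
    if mode not in SSLMODE_PROTECTION:
        raise ValueError(f"unknown sslmode {mode!r}")
    _, mitm = SSLMODE_PROTECTION[mode]
    if mitm == "full":
        return "protected"
    if mitm == "conditional":
        return "conditional"
    return "exposed"


def hba_verifies_client(line):
    """True if a pg_hba.conf rule (CIDR address form) requires a verified
    client certificate: a hostssl rule with the cert method, or any hostssl
    rule carrying clientcert=verify-ca or clientcert=verify-full.
    """
    fields = line.split()
    if len(fields) < 5 or fields[0] != "hostssl":
        return False
    method, options = fields[4], fields[5:]
    if method == "cert":
        return True
    return any(opt in ("clientcert=verify-ca", "clientcert=verify-full")
               for opt in options)


if __name__ == "__main__":
    # Constructed samples: the first two are the configurations the reply
    # warns about; the last is the one that actually blocks a MITM.
    for dsn in (
        "host=db.example.com user=app password=hunter2",
        "host=db.example.com user=app password=hunter2 sslmode=require",
        "host=db.example.com user=app password=hunter2 sslmode=verify-ca sslrootcert=/etc/pg/root.crt",
        "host=db.example.com user=app password=hunter2 sslmode=verify-full sslrootcert=/etc/pg/root.crt",
    ):
        print(f"{password_exposure(dsn):11} {dsn}")
    for rule in (
        "hostssl all all 0.0.0.0/0 scram-sha-256",
        "hostssl all all 0.0.0.0/0 scram-sha-256 clientcert=verify-full",
        "hostssl all all 0.0.0.0/0 cert",
    ):
        print(f"client cert verified={hba_verifies_client(rule)!s:5} {rule}")
```

Note that sslmode=require still reports the password as exposed: TLS is negotiated, but libpq accepts whatever certificate the peer presents, so a MITM that terminates TLS reads the password and opens its own connection to the real server.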