On Tue, May 23, 2023 at 10:01:03PM -0400, Stephen Frost wrote: > To the extent that there was an issue when it was implemented ... it's > now been implemented and so that was presumably overcome (though I don't > really specifically recall what the issues were there? Seems like it > wouldn't matter at this point though), so I don't understand why we > would wish to revisit it.
Well, there are IMO two sides issues here: 1) libpq sends an empty username, which can be an issue if attempting to make this layer more pluggable with other things that are more compilation than PG with the SCRAM exchange (OpenLDAP is one, there could be others). 2) The backend ignoring the username means that it is not mixed in the hashes. Relying on channel binding mitigates the range of problems for 2), now one thing is that the default sslmode does not enforce an SSL connection, either, though this default has been discussed a lot. So I am really wondering whether there wouldn't be some room for a more compliant, strict HBA option with scram-sha-256 where we'd only allow UTF-8 compliant strings. Just some food for thoughts. And we could do better about the current state that's 1), anyway. -- Michael
signature.asc
Description: PGP signature
