On Thu, 10 Oct 2024 at 23:45, Heikki Linnakangas <hlinn...@iki.fi> wrote:
> I wouldn't recommend it if SCRAM is available, but yeah, with TLS and
> sslmode=verify-full, it's secure enough.
Agreed, I'd definitely still recommend SCRAM over password. A big downside of "password" auth over TLS is that plaintext passwords get to the server, so a coredump would contain these passwords.

Also, I wanted to call out that SCRAM still needs sslmode=verify-full to be fully secure. With the SCRAM hash of the server, together with a MITM between client and server, an attacker can impersonate the client without the client or server realizing. PgBouncer actually does this: https://www.pgbouncer.org/config.html#limitations
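The attack described in the reply above, replayed in code. This is an added example, not part of the thread and not PostgreSQL, libpq or PgBouncer code: a small SCRAM-SHA-256 implementation written from RFC 5802/7677 with only the standard library, in which the party holding the server's verifier (salt, iteration count, StoredKey, ServerKey) answers the client's handshake, recovers ClientKey from the client's proof, and then authenticates to the real server with that key alone. The user name, password and "stolen verifier" setup are constructed for the demo.

```python
"""SCRAM-SHA-256 (RFC 5802/7677) re-implemented from the RFC to replay the
verifier-holding-MITM attack. Added example: not PostgreSQL, libpq or
PgBouncer code. User, password and the stolen-verifier scenario are made up."""
import base64
import hashlib
import hmac
import os


def h(data):
    return hashlib.sha256(data).digest()


def hmac256(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_verifier(password, salt, iterations):
    """What the server stores (PostgreSQL: pg_authid.rolpassword): salt, iteration
    count, StoredKey = H(ClientKey) and ServerKey. The password itself is not stored."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": h(hmac256(salted, b"Client Key")),
            "server_key": hmac256(salted, b"Server Key")}


class Client:
    """SCRAM client. Normally derives ClientKey/ServerKey from the password;
    handed a ClientKey (and ServerKey) directly it needs no password at all."""

    def __init__(self, user, password=None, client_key=None, server_key=None):
        self.user, self.password = user, password
        self.client_key, self.server_key = client_key, server_key
        self.cnonce = base64.b64encode(os.urandom(18)).decode()

    def first(self):
        self.bare = f"n={self.user},r={self.cnonce}"
        return "n,," + self.bare  # "n,," = no channel binding (plain SCRAM-SHA-256)

    def final(self, server_first):
        fields = dict(f.split("=", 1) for f in server_first.split(","))
        nonce = fields["r"]
        assert nonce.startswith(self.cnonce), "server echoed a foreign nonce"
        if self.client_key is None:  # honest client: derive keys from the password
            salted = hashlib.pbkdf2_hmac("sha256", self.password.encode(),
                                         base64.b64decode(fields["s"]), int(fields["i"]))
            self.client_key = hmac256(salted, b"Client Key")
            self.server_key = hmac256(salted, b"Server Key")
        without_proof = f"c=biws,r={nonce}"  # biws = base64("n,,")
        auth_message = f"{self.bare},{server_first},{without_proof}".encode()
        # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)
        proof = xor(self.client_key, hmac256(h(self.client_key), auth_message))
        self.expected_sig = hmac256(self.server_key, auth_message)
        return f"{without_proof},p={base64.b64encode(proof).decode()}"

    def verify_server(self, server_final):
        return hmac.compare_digest(base64.b64decode(server_final[2:]), self.expected_sig)


class VerifierHolder:
    """Server side of SCRAM. Anyone holding the verifier can play it: the real
    server, or a MITM that obtained a copy of the server's SCRAM hashes."""

    def __init__(self, verifier):
        self.v = verifier

    def first(self, client_first):
        self.client_bare = client_first[3:]
        self.nonce = self.client_bare.split(",r=")[1] + base64.b64encode(os.urandom(18)).decode()
        self.server_first = (f"r={self.nonce},s={base64.b64encode(self.v['salt']).decode()},"
                             f"i={self.v['iterations']}")
        return self.server_first

    def final(self, client_final):
        """Check ClientProof: returns (server-final, ClientKey) or (None, None).
        Verifying the proof necessarily reveals ClientKey to whoever holds StoredKey."""
        without_proof, proof_b64 = client_final.rsplit(",p=", 1)
        auth_message = f"{self.client_bare},{self.server_first},{without_proof}".encode()
        client_key = xor(base64.b64decode(proof_b64), hmac256(self.v["stored_key"], auth_message))
        if not hmac.compare_digest(h(client_key), self.v["stored_key"]):
            return None, None
        return "v=" + base64.b64encode(hmac256(self.v["server_key"], auth_message)).decode(), client_key


def run_handshake(client, responder):
    """One exchange: (responder accepted client, client accepted responder, ClientKey seen)."""
    server_final, client_key = responder.final(client.final(responder.first(client.first())))
    if server_final is None:
        return False, False, None
    return True, client.verify_server(server_final), client_key


def demo(password="correct horse battery staple"):
    verifier = make_verifier(password, os.urandom(16), 4096)
    honest = run_handshake(Client("alice", password), VerifierHolder(verifier))[:2]
    wrong = run_handshake(Client("alice", "wrong"), VerifierHolder(verifier))[:2]
    # A MITM with a stolen verifier answers the client's handshake: every check the
    # client can make passes, and the MITM walks away with ClientKey.
    mitm_ok, client_trusts_mitm, leaked_key = run_handshake(Client("alice", password), VerifierHolder(verifier))
    # With ClientKey alone (no password) the MITM logs in to the real server as alice.
    as_alice = Client("alice", client_key=leaked_key, server_key=verifier["server_key"])
    impersonation = run_handshake(as_alice, VerifierHolder(verifier))[:2]
    return {"honest": honest, "wrong_password": wrong,
            "client_vs_mitm": (mitm_ok, client_trusts_mitm), "mitm_vs_real_server": impersonation}


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing when running it. First, the verifier holder does not brute-force anything: unmasking ClientProof with HMAC(StoredKey, AuthMessage) is exactly the check the real server performs, so learning ClientKey is a by-product of verifying, and ClientKey is all a client ever contributes to the proof. Second, ClientKey stays valid for every future session until the password (and thus the verifier) changes. That is the gap channel binding closes: with SCRAM-SHA-256-PLUS and tls-server-end-point the client mixes a hash of the TLS certificate it actually saw into AuthMessage, so a proof computed against the MITM's certificate fails at the real server; the client has to insist on it (channel_binding=require in libpq), otherwise the MITM just offers plain SCRAM-SHA-256.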