On Thu, Jun 03, 2021 at 11:02:56AM -0700, Jeff Davis wrote:
> My feeling after all of that discussion is that the next step would be
> to move to some kind of negotiation between client and server about
> which methods are mutually acceptable. Right now, the protocol is
> structured around the serv
On Mon, 2020-12-21 at 13:44 -0500, Tom Lane wrote:
> Hm. I'm less concerned about that scenario than about somebody snooping
> the on-the-wire traffic. If we're going to invent a connection setting
> for this, I'd say that in addition to "ok to send cleartext password"
> and "never ok to send
Greetings,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Mon, Dec 21, 2020 at 8:06 PM Stephen Frost wrote:
> > * Magnus Hagander (mag...@hagander.net) wrote:
> > > On Mon, Dec 21, 2020 at 7:44 PM Tom Lane wrote:
> > > > BTW, do we have a client-side setting to insist that passwords not be
On Mon, Dec 21, 2020 at 8:06 PM Stephen Frost wrote:
>
> Greetings,
>
> * Magnus Hagander (mag...@hagander.net) wrote:
> > On Mon, Dec 21, 2020 at 7:44 PM Tom Lane wrote:
> > > BTW, do we have a client-side setting to insist that passwords not be
> > > sent in MD5 hashing either? A person who is
Greetings,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Mon, Dec 21, 2020 at 7:44 PM Tom Lane wrote:
> > BTW, do we have a client-side setting to insist that passwords not be
> > sent in MD5 hashing either? A person who is paranoid about this would
> > likely want to disable that code pat
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> >> Jeff Janes writes:
> >>> I would suggest going further. I would make the change on the client side,
> >>> and have libpq refuse to send unhashed passwords without hav
On Mon, Dec 21, 2020 at 7:44 PM Tom Lane wrote:
>
> Stephen Frost writes:
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> >> Jeff Janes writes:
> >>> I would suggest going further. I would make the change on the client side,
> >>> and have libpq refuse to send unhashed passwords without hav
Stephen Frost writes:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
>> Jeff Janes writes:
>>> I would suggest going further. I would make the change on the client side,
>>> and have libpq refuse to send unhashed passwords without having an
>>> environment variable set which allows it.
>> As noted, t
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Jeff Janes writes:
> > On Sun, Dec 20, 2020 at 7:58 PM Stephen Frost wrote:
> >> * Magnus Hagander (mag...@hagander.net) wrote:
> >>> Maybe we should do the same for LDAP (and RADIUS)? This seems like a
> >>> better place to put it than to log
Jeff Janes writes:
> On Sun, Dec 20, 2020 at 7:58 PM Stephen Frost wrote:
>> * Magnus Hagander (mag...@hagander.net) wrote:
>>> Maybe we should do the same for LDAP (and RADIUS)? This seems like a
>>> better place to put it than to log it at every time it's received?
>> A dollar short and a year
On Sun, Dec 20, 2020 at 7:58 PM Stephen Frost wrote:
>
> * Magnus Hagander (mag...@hagander.net) wrote:
>
>
Changed from bugs to hackers.
> > For the old plaintext "password" method, we log a warning when we parse the
> > configuration file.
>
Like Stephen, I don't see such a warning getting
11 matches