Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nNeZ1-0004DW-D4 for pgsql-hackers@arkaria.postgresql.org; Fri, 25 Feb 2022 17:39:31 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nNeYz-0007bW-Dm for pgsql-hackers@arkaria.postgresql.org; Fri, 25 Feb 2022 17:39:29 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nNeYz-0007bM-4r for pgsql-hackers@lists.postgresql.org; Fri, 25 Feb 2022 17:39:29 +0000 Received: from sss.pgh.pa.us ([66.207.139.130]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nNeYw-00050l-Mj for pgsql-hackers@lists.postgresql.org; Fri, 25 Feb 2022 17:39:28 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 21PHdOMf1905580; Fri, 25 Feb 2022 12:39:24 -0500 From: Tom Lane To: Jeff Davis cc: samay sharma , pgsql-hackers@lists.postgresql.org Subject: Re: Proposal: Support custom authentication methods using hooks In-reply-to: <54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com> References: <1737574.1645753674@sss.pgh.pa.us> <54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com> Comments: In-reply-to Jeff Davis message dated "Fri, 25 Feb 2022 09:33:45 -0800" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1905578.1645810764.1@sss.pgh.pa.us> Date: Fri, 25 Feb 2022 12:39:24 -0500 Message-ID: <1905579.1645810764@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Jeff Davis writes: > On Thu, 2022-02-24 at 20:47 -0500, Tom Lane wrote: >> ... and, since we can't readily enforce that the client only sends >> those cleartext passwords over suitably-encrypted connections, this >> could easily be a net negative for security. Not sure that I think >> it's a good idea. > I don't understand your point. Can't you just use "hostssl" rather than > "host"? My point is that sending cleartext passwords over the wire is an insecure-by-definition protocol that we shouldn't be encouraging more use of. regards, tom lane