On Fri, Mar 4, 2022 at 6:03 PM Tatsuo Ishii <is...@sraoss.co.jp> wrote:
>
> >> I still don't understand why using plaintext password authentication
> >> over SSL connection is considered insecure. Actually we have been
> >> stating opposite in the manual:
> >> https://www.postgresql.org/docs/14/auth-password.html
> >>
> >> "If the connection is protected by SSL encryption then password can be
> >> used safely, though."
> >
> > If you aren't doing client verification (i.e., cert in pg_hba) and are
> > not doing verify-full on the client side then a man-in-the-middle
> > attack on TLS is trivial, and the plaintext password will be
> > sniffable.
>
> So the plaintext password is safe if used with hostssl + verify-full
> (server side) and sslmode = verify-full (client side), right?
>
That would be safe-in-transit so long as everything was configured properly and all certificates were protected. Unfortunately, PG doesn't make this incredibly easy to implement: it allows only one client root cert, the client side doesn't understand system certificate stores or PKI, etc. Further, if someone gains access to the password hashes there is still a pass-the-hash vulnerability.
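For readers following the exchange, the server-side and client-side settings the two messages refer to look like the following. This is an added illustration, not configuration from the thread or from the PostgreSQL project; the host name db.example.com, the user alice and all file paths are placeholders.

```conf
# --- pg_hba.conf ---------------------------------------------------------
# Weak: TLS is required (hostssl), but the server never checks who the
# client is, and a client that connects with sslmode=require (no CA check)
# will hand the plaintext password to whoever terminates the TLS session.
hostssl  all  all  0.0.0.0/0  password

# Hardened: the server additionally demands a client certificate signed by
# the CA in ssl_ca_file whose CN matches the database user name (or an
# applicable mapping) before it will accept the plaintext password.
hostssl  all  all  0.0.0.0/0  password  clientcert=verify-full

# --- postgresql.conf -----------------------------------------------------
# Server certificate and key, plus the CA used to verify client certs.
# Paths are relative to the data directory; placeholders here.
ssl           = on
ssl_cert_file = 'server.crt'
ssl_key_file  = 'server.key'
ssl_ca_file   = 'root.crt'

# --- client side (libpq connection string, e.g. passed to psql) -----------
# Weak: sslmode=require encrypts but accepts any server certificate, so a
# man-in-the-middle with its own cert sees the password.
#   host=db.example.com user=alice sslmode=require
#
# Hardened: verify-full checks the server certificate against sslrootcert
# AND that the host name matches it; sslcert/sslkey present the client
# certificate the server now demands. (sslrootcert defaults to
# ~/.postgresql/root.crt if omitted.)
host=db.example.com user=alice sslmode=verify-full sslrootcert=/path/to/root.crt sslcert=/path/to/alice.crt sslkey=/path/to/alice.key
```

Both halves have to be in place for the in-transit argument to hold: clientcert=verify-full without sslmode=verify-full on the client still lets a spoofed server collect the password, and sslmode=verify-full without clientcert=verify-full still lets anyone who has the password use it. Neither setting addresses what happens once the stored password hashes are compromised.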