On 5/25/23 3:27 PM, Jacob Champion wrote:
On Thu, May 25, 2023 at 10:48 AM Jonathan S. Katz <jk...@postgresql.org> wrote:Overall, +1 to tightening the language around the docs in this area.However, to paraphrase Stephen, I think the language, as currently written, makes the problem sound scarier than it actually is, and I agree that we should just inline it above.How does v2 look? I more or less divided the current text into a local section and a network section. (I'm still not clear on where in the current text you're wanting me to inline a sudden aside on SCRAM; it doesn't really seem to fit in any of the existing paragraphs.)
I read through the proposal and like this much better. I missed Stephen's point on the "where" to put it in this section; I actually don't know if I agree with that (he says while painting the bikeshed), given the we spend two paragraphs describing how to prevent spoofing in general over the network, vs. just during SCRAM authentication.
I rewrote this to just focus on server spoofing that can occur with SCRAM authentication and did some wordsmithing. I was torn on keeping in the part of offline analysis of an intercepted hash, given one can do this with md5 as well, but perhaps it helps elaborate on the consequences.
Thanks, Jonathan
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index dbe23db54f..a3f4b258f7 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -2014,6 +2014,18 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433
CA.
</para>
+ <para>
+ To prevent server spoofing from occurring when using
+ <link linkend="auth-password">scram-sha-256</link> password authentication
+ over a network, you should ensure you are connecting using SSL.
Additionally,
+ the SCRAM implementation in <application>libpq</application> cannot protect
+ the entire authentication exchange, but using the
+ <literal>channel_binding=require</literal> connection parameter provides a
+ mitigation against server spoofing. An attacker that uses a rogue server to
+ intercept a SCRAM exchange can use offline analysis to determine the hashed
+ password from the client.
+ </para>
+
<para>
To prevent spoofing with GSSAPI, the server must be configured to accept
only <literal>hostgssenc</literal> connections
OpenPGP_signature
Description: OpenPGP digital signature
