On 04/06/2017 11:16 PM, Simon Riggs wrote:
can just ignore the list and send what it wants anyway, probably leading
to client disconnect.
It would need to follow one of the requested protocols, but mark the
request as doomed. Otherwise we'd be revealing information. That's
what SCRAM does now.
It's not a secret today, what authentication method the server requires.
You can't really hide it, anyway, as the client could probe with
different lists of supported methods, and see which method the server
picks in each case.
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: