On Wed, Apr 26, 2017 at 12:20 AM, Bruce Momjian <br...@momjian.us> wrote:
> On Tue, Apr 25, 2017 at 02:39:40PM +0900, Michael Paquier wrote:
>> <para>
>> Add <link linkend="auth-pg-hba-conf"><literal>SCRAM-SHA-256</></>
>> support for password negotiation and storage (Michael
>> Paquier, Heikki Linnakangas)
>> </para>
>> <para>
>> This proves better security than the existing 'md5' negotiation and
>> storage method.
>> </para>
>> This is quite vague...
> Can you give me better text?  I can't think of any.

Sure, here is an idea:
Add support for SASL authentication using protocol mechanism
SCRAM-SHA-256 per RFC 5802 and 7677. (adding a reference to the RFCs
with a link seems important to me).

SCRAM-SHA-256 improves deficiencies of MD5 password hashing by
preventing any kind of pass-the-hash vulnerabilities, where a user
would be able to connect to a PostgreSQL instance by just knowing the
hash of a password and not the password itself.

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to