On 08/12/2015 01:37 PM, Stephen Frost wrote:
> Would be great to get comments on the other comments, specifically that
> adding SCRAM's password verifier won't seriously change the security of
> a user's account or password based on an attack vector where the
> contents of pg_authid is compromised. I do agree with the general
> concern that the additional complexity involved in supporting multiple
> password verifiers may result in bugs, and likely security ones, but I
> really expect the larger risk to be from the SCRAM implementation itself
> than how we get data into and back out of our own catalogs.

There's also the concern that the additional complexity will cause *users* to make security-compromising mistakes, which I think is the greater risk. Robert has mostly won me over to his point of view on this.

The only case where I can see multiple verifiers per role making a real difference in migrations is for PGAAS hosting. But the folks from Heroku and AWS have been notably silent on this; lemme ping them.

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com