author | Peter Eisentraut <peter@eisentraut.org> | 2025-03-24 14:09:51 +0100 |
---|---|---|
committer | Peter Eisentraut <peter@eisentraut.org> | 2025-03-24 15:56:53 +0100 |
commit | 76563f88cfbd91696e7ebe568dead648f2d229ff (patch) | |
tree | cc4bab9643c21549afcae874a4c8631db08f520a /doc/src | |
parent | a8eeb22f171437f11ca2098f9b3094545263d8cd (diff) | |
postgres_fdw: improve security checks

SCRAM pass-through should not bypass the FDW security check as it was
implemented for postgres_fdw in commit 761c79508e7.

This commit improves the security check by adding new SCRAM
pass-through checks to ensure that the required SCRAM connection
options are not overwritten by the user mapping or foreign server
options. This is meant to match the security requirements for a
password-using connection.

Since libpq has no SCRAM-specific equivalent of
PQconnectionUsedPassword(), we enforce this instead by making the
use_scram_passthrough option of postgres_fdw imply
require_auth=scram-sha-256. This means that if use_scram_passthrough
is set, some situations that might otherwise have worked are
preempted, for example GSSAPI with delegated credentials. This could
be enhanced in the future if there is desire for more flexibility.

Reported-by: Jacob Champion <jacob.champion@enterprisedb.com>
Author: Matheus Alcantara <mths.dev@pm.me>
Co-authored-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>
Discussion: https://www.postgresql.org/message-id/flat/CAFY6G8ercA1KES%3DE_0__R9QCTR805TTyYr1No8qF8ZxmMg8z2Q%40mail.gmail.com

Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/postgres-fdw.sgml | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml index a7f2f5ca182..65e36f1f3e4 100644 --- a/doc/src/sgml/postgres-fdw.sgml +++ b/doc/src/sgml/postgres-fdw.sgml @@ -788,10 +788,8 @@ OPTIONS (ADD password_required 'false'); <itemizedlist> <listitem> <para> - The remote server must request SCRAM authentication. (If desired, - enforce this on the client side (FDW side) with the option - <literal>require_auth</literal>.) If another authentication method - is requested by the server, then that one will be used normally. + The remote server must request the <literal>scram-sha-256</literal> + authentication method; otherwise, the connection will fail. </para> </listitem> @@ -805,10 +803,7 @@ OPTIONS (ADD password_required 'false'); <listitem> <para> - The user mapping password is not used. (It could be set to support - other authentication methods, but that would arguably violate the - point of this feature, which is to avoid storing plain-text - passwords.) + The user mapping password is not used. </para> </listitem> |
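Review bot: In the first hunk (@@ -788), the new sentence says the connection will fail unless the server requests scram-sha-256, but it does not say why. Per the commit message, use_scram_passthrough now implies require_auth=scram-sha-256; stating that in this listitem would tell administrators that the enforcement is built in and not something they configure separately. It would also help to note here that setups which previously fell through to another method, such as GSSAPI with delegated credentials, no longer connect when the option is set, since the removed sentence "If another authentication method is requested by the server, then that one will be used normally" documented the opposite behaviour.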
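Review bot: In the second hunk (@@ -805), "The user mapping password is not used" leaves open what happens when a user mapping with use_scram_passthrough also carries a password option: the text does not say whether the value is silently ignored or the connection is rejected. The commit message describes new checks that the required SCRAM connection options are not overwritten by the user mapping or foreign server options, but nothing in this listitem documents them. Suggest adding a sentence that names which options are checked and what the user sees when a check fails.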