-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SCRAM-SHA-256 Support #5
Comments
Thanks for the heads up on Postgres 13. +1 to adding SCRAM-SHA-256 support. Thanks also for the link to your Python client code for this. That will definitely help. I was getting tangled up in the web of RFCs. |
I am also looking for this. It seems that the Postgres community is considering holding off till 14 to make SCRAM the default, but during the discussion this project was the only driver mentioned that did not implement SCRAM support. |
Thanks for the heads up about possibly holding off to 14 to make SCRAM the default. I found the relevant thread. I'm hoping get SCRAM support into PostgresClientKit in the next few months. |
As a follow-up, SCRAM is now the official password default in PG14 😁 So there's about t-minus a year and change before the updated default is released (14 Beta 1 is ~May 2021). I'm happy to answer any questions about SCRAM or the implementation. Here is a higher-level overview of how it works in PostgreSQL. |
Nice slide deck! I started working on this last week. One question for you, @jkatz: In the PR you mentioned earlier, you mention:
Could you elaborate, or suggest where I could get more details on this decision? Is this because the underlying SSL stack may not provide APIs to retrieve the TLS FinishedMessage (for tls-unique) or server certificate (for tls-server-end-point)? (I noticed that the Postgres server now only supports tls-server-end-point.) Thanks! |
SCRAM-SHA-256 authentication is available in v1.3.0. |
@pitfield Oops I missed the question, sorry! Congrats!!! |
Hi! Thanks for writing this driver for Swift!
PostgreSQL has supported SCRAM-SHA-256 authentication since version 10 and the community is looking to make it the default password-based authentication method for version 13 (more than a year away, so there is some time). As such, I would strongly recommend to support it 😄
A list of non-libpq based implementations that are implementing SCRAM can be found here: https://wiki.postgresql.org/wiki/List_of_drivers
I have some practice implementing the method so I'm happy to help where needed.
The text was updated successfully, but these errors were encountered: