Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SCRAM-SHA-256 Support #5

Closed
jkatz opened this issue Jun 11, 2019 · 7 comments
Closed

SCRAM-SHA-256 Support #5

jkatz opened this issue Jun 11, 2019 · 7 comments
Labels
enhancement New feature or request

Comments

@jkatz
Copy link

jkatz commented Jun 11, 2019

Hi! Thanks for writing this driver for Swift!

PostgreSQL has supported SCRAM-SHA-256 authentication since version 10 and the community is looking to make it the default password-based authentication method for version 13 (more than a year away, so there is some time). As such, I would strongly recommend to support it 😄

A list of non-libpq based implementations that are implementing SCRAM can be found here: https://wiki.postgresql.org/wiki/List_of_drivers

I have some practice implementing the method so I'm happy to help where needed.
@pitfield pitfield added the enhancement New feature or request label Jun 14, 2019
@pitfield
Copy link
Member

Thanks for the heads up on Postgres 13. +1 to adding SCRAM-SHA-256 support.

Thanks also for the link to your Python client code for this. That will definitely help. I was getting tangled up in the web of RFCs.

@neilt
Copy link

neilt commented May 22, 2020

I am also looking for this. It seems that the Postgres community is considering holding off till 14 to make SCRAM the default, but during the discussion this project was the only driver mentioned that did not implement SCRAM support.

@pitfield
Copy link
Member

Thanks for the heads up about possibly holding off to 14 to make SCRAM the default. I found the relevant thread.

I'm hoping get SCRAM support into PostgresClientKit in the next few months.

@jkatz
Copy link
Author

jkatz commented Jun 10, 2020

As a follow-up, SCRAM is now the official password default in PG14 😁 So there's about t-minus a year and change before the updated default is released (14 Beta 1 is ~May 2021).

I'm happy to answer any questions about SCRAM or the implementation. Here is a higher-level overview of how it works in PostgreSQL.

@pitfield
Copy link
Member

Nice slide deck!

I started working on this last week. One question for you, @jkatz: In the PR you mentioned earlier, you mention:

PostgreSQL 11 added support for the channel binding (i.e.
SCRAM-SHA-256-PLUS) but to do some ongoing discussion, there is a conscious
decision by several driver authors to not support it as of yet.

Could you elaborate, or suggest where I could get more details on this decision? Is this because the underlying SSL stack may not provide APIs to retrieve the TLS FinishedMessage (for tls-unique) or server certificate (for tls-server-end-point)? (I noticed that the Postgres server now only supports tls-server-end-point.)

Thanks!

@pitfield
Copy link
Member

SCRAM-SHA-256 authentication is available in v1.3.0.

@jkatz
Copy link
Author

jkatz commented Jul 24, 2020

@pitfield Oops I missed the question, sorry! Congrats!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkatz @neilt @pitfield