Support for SCRAM Authentication

[bernhardreiter]

It would be nice if pgx could support the SCRAM Authentication method offered by PostgreSQL
since version 10.

https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PASSWORD

This method saves password in a more secure manner based on RFC7677, so that they are more safe
if the database gets copied from the server or found in a backup. According to https://pages.nist.gov/800-63-3/sp800-63b.html#sec5 that is recommended.

[jackc]

I agree it'd be good to have, but it's not something I can tackle right now.

[bernhardreiter]

@jackc still good that you signal agreement with the feature wish. Thanks for the reply. ;)

[kravietz]

SCRAM-SHA-256 is now the preferred authentication method from 10+ per Authentication Methods so not having it is a huge disadvantage.

[ptman]

This is also something that lib/pq doesn't support and for which there are already patches for lib/pq, so maybe it wouldn't be too hard to port. See lib/pq#817

[davidfetter]

It's been merged into lib/pq. Bump :)

[jackc]

Okay. Here it is: 5044e84

[davidfetter]

Thanks!

[Neustradamus]

@bernhardreiter: Thanks a lot for all about SCRAM.

Linked to:

• State of Play scram-sasl/info#1

[bernhardreiter]

@Neustradamus

@bernhardreiter: Thanks a lot for all about SCRAM.

The implementation was done by @jackc, he deserves all the credit. :)=
My contribution was to just open this issue.

[Neustradamus]

Ah sorry, thanks to @jackc for the commit and @bernhardreiter for the request!

Since PostgreSQL 13, there is SCRAM-SHA-256-PLUS, if you want to add :)