SASL/SCRAM-SHA-256 support for PostgreSQL 10 #1530

Closed
john2014 opened this issue Apr 8, 2017 · 12 comments

@john2014 john2014 commented Apr 8, 2017

Hi Roji, one of the new features added to PostgreSQL 10 is using SCRAM-SHA-256 authentication instead of the default (and less secure) MD5 authentication.

For users to be able to use this new authentication, the client driver has to support it. The blog post below has more details:
http://paquier.xyz/postgresql-2/postgres-10-scram-authentication/

This blog post has a good overview on all major upcoming features:

http://rhaas.blogspot.com/2017/04/new-features-coming-in-postgresql-10.html

BTW, does Npgsql have something similar to PgBouncer built in?

@roji roji added this to the 3.3 milestone Apr 9, 2017

@roji roji commented Apr 9, 2017

@john2014 yeah, I've been following the discussion and work on this on pghackers - it's an exciting feature. It's definitely something important that needs to be done.

Unfortunately, a quick search doesn't yield any good, maintained SASL implementation for .NET. We could in theory include a native SASL implementation (e.g. Cyrus) but that should really be a last-resort solution. If anyone has any experience or would like to give a hand, that would be very welcome.

(and yes, Npgsql includes a high-performance internal connection pool which is on by default)

@roji roji commented Dec 30, 2017

It may be possible to do SCRAM with CryptSharp.

@Shkarlatov Shkarlatov commented Jan 5, 2018

MailKit has a SCRAM implementation (it uses BouncyCastle).

@roji roji commented Jan 5, 2018

@CrazyAlex25 thanks, this looks great. It looks like we could easily bring in their implementation into Npgsql...

@roji roji commented Jan 5, 2018

@CrazyAlex25 are you interested in working on a PR for this? Otherwise I can probably get around to it soon.

@Shkarlatov Shkarlatov commented Jan 5, 2018

I can extract the code, but I do not know how to prepare it for implementation in this project. I have not figured out where this code will be called.

@uhayat uhayat commented Jan 5, 2018

@roji last weekend I added a SCRAM implementation for Postgres 10. Following is the commit that I pushed today.
Implementation for SCRAM-SHA-256 for Postgresql 10
99% of the work is complete and it properly authenticates users with a scram-sha-256 password. A bit of work is pending; I will try to cover it tomorrow.

@roji roji commented Jan 6, 2018

@uhayat that's great to hear! I don't currently have time to look at your code; once you finish up, please submit a PR and I'll review properly. Did you base your work on MailKit as @CrazyAlex25 suggested above or on something else?

@Shkarlatov Shkarlatov commented Jan 6, 2018

@roji Looking at the code, I can tell that it is their own SASL implementation + System.Security.Cryptography.HMACSHA256. And it's good, because MailKit depends on BouncyCastle.

@uhayat uhayat commented Jan 6, 2018

@roji Created the following pull request:
#1769

@roji @CrazyAlex25, yes, the work is not based on MailKit or any other .NET implementation. Before implementing this, I went through a number of implementations (dotnet, Java and native C); all of them had some dependencies that I tried to avoid (e.g. license, incompatibility with the PostgreSQL implementation, or over-complexity).

@roji roji removed the up for grabs label Jan 31, 2018

@roji roji commented Jan 31, 2018

Merged #1769, thanks @uhayat.

@roji roji closed this Jan 31, 2018
@roji roji changed the title from "SCRAM support for Postgresql 10" to "SASL/SCRAM-SHA-256 support for PostgreSQL 10" Feb 3, 2018
@roji roji removed this from the 3.3 milestone Feb 3, 2018
@roji roji added this to the 3.2.7 milestone Feb 3, 2018

@roji roji commented Feb 3, 2018

Backported this for 3.2.7.
