Commitd0f4824

committed

doc: Add note to prevent server spoofing with SCRAM

The set of recommendations added in the documentation with this commithelps in avoiding SCRAM exchanges with untrusted servers.Author: Jacob Champion, Jonathan KatzReviewed-by: Stephen Frost, Daniel Gustafsson, Michael PaquierDiscussion:https://postgr.es/m/CAAWbhmg5Gh0JetNbQi7z0yOsdsN9YECv8GoY-QBGBBiip9+JOw@mail.gmail.com

1 parent47b7051 commitd0f4824Copy full SHA for d0f4824

File tree

+13

-0

lines changed

+13

-0

lines changed

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2014,6 +2014,19 @@ pg_dumpall -p 5432 \| psql -d postgres -p 5433`
`2014`	`2014`	`CA.`
`2015`	`2015`	`</para>`
`2016`	`2016`
	`2017`	`+ <para>`
	`2018`	`+ To prevent server spoofing from occurring when using`
	`2019`	`+ <link linkend="auth-password">scram-sha-256</link> password authentication`
	`2020`	`+ over a network, you should ensure that you connect to the server using SSL`
	`2021`	`+ and with one of the anti-spoofing methods described in the previous`
	`2022`	`+ paragraph. Additionally, the SCRAM implementation in`
	`2023`	`+ <application>libpq</application> cannot protect the entire authentication`
	`2024`	`+ exchange, but using the <literal>channel_binding=require</literal> connection`
	`2025`	`+ parameter provides a mitigation against server spoofing. An attacker that`
	`2026`	`+ uses a rogue server to intercept a SCRAM exchange can use offline analysis to`
	`2027`	`+ potentially determine the hashed password from the client.`
	`2028`	`+ </para>`
	`2029`	`+`
`2017`	`2030`	`<para>`
`2018`	`2031`	`To prevent spoofing with GSSAPI, the server must be configured to accept`
`2019`	`2032`	`only <literal>hostgssenc</literal> connections`

Comments

(0)