Commit 185f4f8

doc: clarify SCRAM channel binding
Discussion: https://postgr.es/m/20180514231020.GB1600@paquier.xyz
Reviewed-by: Michael Paquier

1 parent cf9c75c, commit 185f4f8

2 files changed: +36 -5 lines changed


doc/src/sgml/libpq.sgml

Lines changed: 9 additions & 5 deletions
@@ -1242,14 +1242,18 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
12421242
<term><literal>scram_channel_binding</literal></term>
12431243
<listitem>
12441244
<para>
1245-
Specifies the channel binding type to use with SCRAM authentication.
1246-
The list of channel binding types supported by server are listed in
1247-
<xref linkend="sasl-authentication"/>. An empty value specifies that
1248-
the client will not use channel binding. The default value is
1249-
<literal>tls-unique</literal>.
1245+
Specifies the channel binding type to use with SCRAM
1246+
authentication. While <acronym>SCRAM</acronym> alone prevents
1247+
the replay of transmitted hashed passwords, channel binding also
1248+
prevents man-in-the-middle attacks.
12501249
</para>
12511250

12521251
<para>
1252+
The list of channel binding types supported by the server are
1253+
listed in <xref linkend="sasl-authentication"/>. An empty value
1254+
specifies that the client will not use channel binding. If this
1255+
parameter is not specified, <literal>tls-unique</literal> is used,
1256+
if supported by both server and client.
12531257
Channel binding is only supported on SSL connections. If the
12541258
connection is not using SSL, then this setting is ignored.
12551259
</para>
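Review bot: subject-verb agreement in the new 1252+/1253+ lines: "The list of channel binding types supported by the server are listed" should read "is listed", since the subject is "list". A second point on the 1245+ to 1248+ paragraph: it states that channel binding "also prevents man-in-the-middle attacks" without qualification, while the same entry goes on to say that channel binding is only supported on SSL connections and is otherwise ignored; suggest "also prevents man-in-the-middle attacks on SSL connections" so the two statements read consistently for someone who stops at the first paragraph.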

doc/src/sgml/protocol.sgml

Lines changed: 27 additions & 0 deletions
@@ -1584,6 +1584,33 @@ should use <literal>tls-unique</literal> if they can support it.
15841584
that cannot support <literal>tls-unique</literal> for some reason.
15851585
</para>
15861586

1587+
<para>
1588+
In <acronym>SCRAM</acronym> without channel binding, the server chooses
1589+
a random number that is transmitted to the client to be mixed with the
1590+
user-supplied password in the transmitted password hash. While this
1591+
prevents the password hash from being successfully retransmitted in
1592+
a later session, it does not prevent a fake server between the real
1593+
server and client from passing through the server's random value
1594+
and successfully authenticating.
1595+
</para>
1596+
1597+
<para>
1598+
<acronym>SCRAM</acronym> with channel binding prevents such
1599+
man-in-the-middle attacks by mixing a value into the transmitted
1600+
password hash that cannot be retransmitted by a fake server.
1601+
In <acronym>SCRAM</acronym> with <literal>tls-unique</literal>
1602+
channel binding, the shared secret negotiated during the SSL session
1603+
is mixed into the user-supplied password hash. The shared secret
1604+
is partly chosen by the server, but not directly transmitted, making
1605+
it impossible for a fake server to create an SSL connection with the
1606+
client that has the same shared secret it has with the real server.
1607+
<acronym>SCRAM</acronym> with <literal>tls-server-end-point</literal>
1608+
mixes a hash of the server's certificate into the user-supplied password
1609+
hash. While a fake server can retransmit the real server's certificate,
1610+
it doesn't have access to the private key matching that certificate, and
1611+
therefore cannot prove it is the owner, causing SSL connection failure.
1612+
</para>
1613+
15871614
<procedure>
15881615
<title>Example</title>
15891616
<step id="scram-begin">
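Review bot: the last sentence of the 1607+ to 1611+ paragraph stops at "causing SSL connection failure", which explains why a fake server cannot complete the SSL handshake with the real server's certificate but not why that protects SCRAM; the reader is left without the consequence that the fake server must therefore present a certificate it holds the key for, whose hash differs from the real server's, so the client's transmitted password hash no longer verifies against the real server. Suggest finishing the thought, e.g. "... so a fake server must present its own certificate, and the differing certificate hash causes the SCRAM authentication to fail." Minor: "it doesn't have access" in 1610+ reads better as "it does not have access", matching "does not prevent" in 1592+ and "cannot" in 1600+ elsewhere in the same hunk.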
