2017-12-26 03:27:43 +0000
As designed by RFC 7677 and RFC 5802, SCRAM verifiers (please take this term as a password if you want, which means a proof of authentication) are defined with default parameters which make the computation of a proof costly, making it more expensive to do dictionary or brute-force attacks while offline. Longer nonces help in making the computation longer, but there are as well two parameters that help in deciding such computation time and strength to offline attacks:
Read more...2017-12-18 02:40:51 +0000
A couple of days back a thread has showed up on pgsql-hackers to discuss about the possibility of a function scanning all the partitions of a chain to get its size. The thread is here.
Read more...2017-12-03 07:05:22 +0000
It has been a long time since the last post. Today here is a post about the following feature that will land in Postgres 11:
Read more...2017-09-14 03:20:17 +0000
A couple of days back a new feature has landed in the PostgreSQL world for the development of version 11, in the shape of the following commit:
Read more...2017-08-21 06:16:22 +0000
The last round of minor releases of PostgreSQL has been released on the 10th of August with a couple of security problem addressed and many more bugs.
Read more...2017-06-30 02:18:44 +0000
With the SCRAM implementation done in Postgres 10, it is time to move on with other things in this area. The next, and perhaps last, area of focus in the implementation of channel binding, on which a patch has been submitted for integration into Postgres 11.
Read more...2017-06-07 09:20:22 +0000
The addition of SCRAM-SHA-256 is proving to have many benefits in PostgreSQL over MD5, but it has required an extension of the authentication protocol so as message exchanges for SASL authentication are able to work correctly. A lot of details on this matter are defined in the documentation:
Read more...2017-05-16 05:45:45 +0000
Postgres 10 will be released in a couple of months, with its beta 1 to be out very soon, and for this release many small, incompatible changes have been introduced during its development to help with long-term maintenance. The full list of items is present in the release notes, and here are the changes that can have an impact on any applications relying of what PostgreSQL has provided up to now.
Read more...2017-04-18 05:18:09 +0000
An important step in the SCRAM authentication is called SASLprep, a mandatory feature to be sure about the equivalence of two strings encoded with UTF-8. A first commit has added support for SCRAM-SHA-256 protocol with the full SASL exchange plugged on top of it, and this has been implemented by the following commit:
Read more...2017-03-22 06:30:45 +0000
The following feature has landed in Postgres 10 to help system administrators:
Read more...Unless otherwise specified, the contents of this website are (C)Copyright Michael Paquier 2010-2019 and are licensed for use under CC BY-SA 3.0.