erleans / pgo

Erlang Postgres client and connection pool
Apache License 2.0

Support for SCRAM Authentication #52

Closed jkatz closed 2 years ago

jkatz commented 3 years ago

Support for SCRAM password authentication was introduced in PostgreSQL 10; PostgreSQL 14 uses scram-sha-256 for password hashing by default:

Change the default of the password_encryption server parameter to scram-sha-256

While md5 is still supported, it is gradually being phased out in favor of SCRAM.

If you need some reference implementations beyond the PostgreSQL source, here is a list of known PostgreSQL drivers + SCRAM status (I also have a presentation on the topic that shows the workflow).

lpil commented 2 years ago

Ran into this today as PostgreSQL with SCRAM is used by https://fly.io/, a deployment platform that's pushing the BEAM quite hard at the moment.

Here's the epgsql implementation: https://github.com/epgsql/epgsql/pull/156/files

And the Elixir Postgrex one: https://github.com/elixir-ecto/postgrex/blob/master/lib/postgrex/scram.ex

tsloughter commented 2 years ago

Thanks @jkatz ! Wish I had not somehow missed this issue you raised 4 months ago and could have been on top of this for postgres 14!

jkatz commented 2 years ago

@tsloughter It's never too late to support SCRAM! 😉 I'd be happy to review your implementation.

tsloughter commented 2 years ago

@jkatz I've started on this but is it another case of postgres' "documentation" of the protocol only being the C code :) or is there some outline of the protocol somewhere?

tsloughter commented 2 years ago

Oh, I missed you have a presentation, maybe that'll be enough, I'll give it a look.

jkatz commented 2 years ago

It's implemented in accordance with the SCRAM RFC 5802 and because it uses SHA-256, RFC 7677.

The presentation you reference does cover some of the implementation specifics.
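For readers following the RFC 5802 / RFC 7677 pointer above, here is the full four-message SCRAM-SHA-256 exchange with both the client and the server side, plus the verifier format that the password_encryption = scram-sha-256 default mentioned at the top of the thread produces. This is an added illustration in Python, not pgo's Erlang implementation and not code from anyone in this thread; ScramClient, ScramServer, pg_scram_verifier and run_exchange are names invented here. It assumes ASCII passwords (SASLprep from RFC 4013 is skipped) and no channel binding (the "n,," / "c=biws" form). The password "pencil", nonces and salt in the usage section are the RFC 7677 test vector; the other sample values are constructed.

```python
# SCRAM-SHA-256 (RFC 5802 + RFC 7677) client and server as PostgreSQL uses them.
# Added example, not pgo code: the class and function names are invented here.
import base64
import hashlib
import hmac
import os
import re


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def b64d(text: str) -> bytes:
    return base64.b64decode(text)


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_keys(password: str, salt: bytes, iterations: int):
    """SaltedPassword -> (ClientKey, StoredKey, ServerKey), RFC 5802 section 3.
    Hi() is PBKDF2-HMAC-SHA-256. SASLprep is skipped (assumption: ASCII password)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    client_key = hmac_sha256(salted, b"Client Key")
    server_key = hmac_sha256(salted, b"Server Key")
    return client_key, hashlib.sha256(client_key).digest(), server_key


def pg_scram_verifier(password: str, salt: bytes, iterations: int = 4096) -> str:
    """The rolpassword form written by password_encryption = scram-sha-256.
    Only StoredKey/ServerKey are kept; unlike an md5 hash, neither is a password
    equivalent, so a leaked row does not let an attacker log in as that role."""
    _, stored_key, server_key = derive_keys(password, salt, iterations)
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def parse_pg_scram_verifier(verifier: str):
    m = re.fullmatch(r"SCRAM-SHA-256\$(\d+):([^$]+)\$([^:]+):(.+)", verifier)
    if m is None:
        raise ValueError("not a SCRAM-SHA-256 verifier")
    return int(m.group(1)), b64d(m.group(2)), b64d(m.group(3)), b64d(m.group(4))


def parse_attrs(message: str) -> dict:
    """Split 'k=v,k=v'; base64 values contain '=' so split each part only once."""
    return dict(part.split("=", 1) for part in message.split(","))


class ScramClient:
    def __init__(self, user, password, nonce=None):
        self.user, self.password = user, password
        self.nonce = nonce or b64(os.urandom(18))

    def client_first(self) -> str:
        self.bare = f"n={self.user},r={self.nonce}"
        return "n,," + self.bare                       # "n,," = no channel binding

    def client_final(self, server_first: str) -> str:
        attrs = parse_attrs(server_first)
        if not attrs["r"].startswith(self.nonce):      # server must extend our nonce
            raise ValueError("server nonce does not extend the client nonce")
        client_key, stored_key, server_key = derive_keys(
            self.password, b64d(attrs["s"]), int(attrs["i"]))
        without_proof = f"c=biws,r={attrs['r']}"       # biws = base64("n,,")
        auth_message = ",".join([self.bare, server_first, without_proof]).encode()
        proof = xor_bytes(client_key, hmac_sha256(stored_key, auth_message))
        self.expected_server_signature = hmac_sha256(server_key, auth_message)
        return f"{without_proof},p={b64(proof)}"

    def verify_server_final(self, server_final: str) -> bool:
        attrs = parse_attrs(server_final)
        if "v" not in attrs:                           # "e=..." means the server rejected us
            return False
        return hmac.compare_digest(b64d(attrs["v"]), self.expected_server_signature)


class ScramServer:
    def __init__(self, verifier, nonce_suffix=None):
        (self.iterations, self.salt, self.stored_key,
         self.server_key) = parse_pg_scram_verifier(verifier)
        self.nonce_suffix = nonce_suffix or b64(os.urandom(18))

    def server_first(self, client_first: str) -> str:
        if not client_first.startswith("n,,"):
            raise ValueError("only the no-channel-binding GS2 header is handled here")
        self.client_bare = client_first[3:]
        self.combined_nonce = parse_attrs(self.client_bare)["r"] + self.nonce_suffix
        self.first = f"r={self.combined_nonce},s={b64(self.salt)},i={self.iterations}"
        return self.first

    def server_final(self, client_final: str) -> str:
        attrs = parse_attrs(client_final)
        if attrs["r"] != self.combined_nonce:
            return "e=other-error"
        without_proof = client_final[: client_final.rindex(",p=")]
        auth_message = ",".join([self.client_bare, self.first, without_proof]).encode()
        # Recover ClientKey from the proof and check H(ClientKey) == StoredKey.
        client_key = xor_bytes(b64d(attrs["p"]), hmac_sha256(self.stored_key, auth_message))
        if not hmac.compare_digest(hashlib.sha256(client_key).digest(), self.stored_key):
            return "e=invalid-proof"
        return "v=" + b64(hmac_sha256(self.server_key, auth_message))


def run_exchange(user, password, verifier, client_nonce=None, server_nonce=None):
    """Drive all four messages; returns (client_final, server_final, client_accepts_server)."""
    client, server = ScramClient(user, password, client_nonce), ScramServer(verifier, server_nonce)
    s_first = server.server_first(client.client_first())
    c_final = client.client_final(s_first)
    s_final = server.server_final(c_final)
    return c_final, s_final, client.verify_server_final(s_final)


if __name__ == "__main__":
    # RFC 7677 test vector: user "user", password "pencil", 4096 iterations.
    verifier = pg_scram_verifier("pencil", b64d("W22ZaJ0SNY7soEsUEjb6gQ=="), 4096)
    print(run_exchange("user", "pencil", verifier,
                       "rOprNGfwEbeRWgbNEkqO", "%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0"))
```

On the wire, PostgreSQL carries these four strings inside its own envelope: AuthenticationSASL (server lists the mechanisms), SASLInitialResponse (client-first), AuthenticationSASLContinue (server-first), SASLResponse (client-final) and AuthenticationSASLFinal (server-final); the role name comes from the startup packet. Two things a driver author should keep in mind: the client must check the returned nonce starts with its own and must verify the v= signature, otherwise a fake server can complete the handshake; and "c=biws" means no channel binding, so a TLS-terminating man-in-the-middle can still relay the exchange, which is what the SCRAM-SHA-256-PLUS variant PostgreSQL also offers over TLS is for.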

tsloughter commented 2 years ago

Update: I have it working (thanks to epgsql :) and just need to clean up the code a bit before opening a PR. Hopefully can get someone to review the code a bit (@lpil ?) so I don't just have to merge it.

lpil commented 2 years ago

I'm game

tsloughter commented 2 years ago

@lpil cool. I was able to do it over the weekend but can't figure out why there are broken tests completely unrelated to these changes :(. Realized I should just open the PR anyway so you can take a look, so will do that this morning.

tsloughter commented 2 years ago

Here it is: https://github.com/erleans/pgo/pull/58

I see I still need to move CI to github actions :(

tsloughter commented 2 years ago

Resolved by #58

lpil commented 2 years ago

Amazing! Thank you very much

jkatz commented 2 years ago

@tsloughter Thank you! I've updated the PG wiki to indicate pgo supports SCRAM.

tsloughter commented 2 years ago

Thanks!