Use a safe implementation of SCRAM.

lib / pq

Pure Go Postgres driver for database/sql

https://pkg.go.dev/github.com/lib/pq

MIT License

9.11k stars 911 forks source link

Use a safe implementation of SCRAM. #914

Open mberhault opened 5 years ago

mberhault commented 5 years ago

The scram implementation has no unittests and ignores parts of the RFC (eg: the m field is supposed to trigger an authentication failure). This should be replaced with a fuller (and better tested) implementation. https://github.com/xdg-go/scram might be a candidate.

Neustradamus commented 11 months ago

Note that SCRAM-SHA-256 has been added in:

https://github.com/lib/pq/pull/833

Linked to:

https://github.com/lib/pq/issues/817
https://github.com/lib/pq/issues/914
https://github.com/lib/pq/issues/941
https://github.com/lib/pq/pull/608
https://github.com/lib/pq/pull/621
https://github.com/lib/pq/pull/788
https://github.com/scram-sasl/info/issues/1