doc: PG 11 relnotes: remove channel binding from major features
Also move to the source code section, and expand the paragraph
-
- Channel binding for SCRAM authentication, to prevent potential
- man-in-the-middle attacks on database connections
-
-
-
Many other useful performance improvements, including making
-
- Add libpq option to support channel binding when using
- linkend="auth-password">
SCRAM- authentication (Michael Paquier)
-
-
- While
SCRAM always prevents the
- replay of transmitted hashed passwords in a later
- session,
SCRAM with channel binding
- also prevents man-in-the-middle attacks. The options are
- linkend="libpq-scram-channel-binding">
- and .
-
-
-
-
-
+
+ Add ability to use channel binding when using
+ linkend="auth-password">
SCRAM+ authentication (Michael Paquier)
+
+
+ While
SCRAM always prevents the
+ replay of transmitted hashed passwords in a later session,
+
SCRAM with channel binding can also prevent
+ man-in-the-middle attacks. However, since there is no way
+ to force channel binding in libpq,
+ the feature currently does not prevent man-in-the-middle
+ attacks when using libpq and interfaces built using it. It is
+ expected that future versions of libpq and interfaces not built
+ using libpq, e.g. JDBC, will allow this capability. The libpq
+ options to control the optional channel binding type are
+ linkend="libpq-scram-channel-binding">
+ and .
+
+
+
+
+
projects / postgresql.git / commitdiff