PGCon2017 - 20180510

PGCon 2017
The PostgreSQL Conference

Heikki Linnakangas
Day: Talks - Day 2 - 2017-05-26
Room: DMS 1120
Start time: 15:00
Duration: 00:45
ID: 1071
Event type: Lecture
Track: Hacking
Language used for presentation: English

SCRAM authentication in PostgreSQL

PostgreSQL's current password-based authentication mechanism is old and weak by today's standards. It uses MD5, which is generally no longer considered secure. SSL can alleviate that, and there are other, stronger authentication mechanisms such as Kerberos, but they are more complicated to set up.

SCRAM is a modern, secure password-based authentication mechanism. There is a patch in the works to support SCRAM authentication in PostgreSQL, replacing the current MD5 authentication mechanism in the long run. By the time of PGCon, it will hopefully be committed and will appear in PostgreSQL version 10.

In this presentation, I will explain how SCRAM works and the benefits it has over current authentication mechanisms. I will give an update on the current status of the patch, as well as the status of driver support and future work.