You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am currently looking for a proxy solution for PostgreSQL and am evaluating ProxySQL, as it is already successfully used in my environment for MySQL connections. My goal is to have a single proxy service for both databases to simplify operations and unify the architecture.
While testing PostgreSQL support, I have a question regarding authentication and password handling.
PostgreSQL natively supports authentication mechanisms such as MD5 and SCRAM-SHA-256, where the client provides a plain-text password and the server verifies it against a stored hash.
Is ProxySQL able to provide a similar authentication flow for PostgreSQL, namely:
accept a plain-text password from the client,
validate it against a stored MD5 (or SCRAM) hash in pgsql_users.password,
and prevent clients from authenticating by supplying the hash itself as the password?
Currently, when an MD5 hash is stored in pgsql_users.password, a client can connect by providing that hash directly as the password. This behavior is a blocking point for me when considering ProxySQL as a unified proxy for both MySQL and PostgreSQL.
Is there a configuration option, recommended pattern, or roadmap item to address this behavior?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hello team,
I am currently looking for a proxy solution for PostgreSQL and am evaluating ProxySQL, as it is already successfully used in my environment for MySQL connections. My goal is to have a single proxy service for both databases to simplify operations and unify the architecture.
While testing PostgreSQL support, I have a question regarding authentication and password handling.
PostgreSQL natively supports authentication mechanisms such as MD5 and SCRAM-SHA-256, where the client provides a plain-text password and the server verifies it against a stored hash.
Is ProxySQL able to provide a similar authentication flow for PostgreSQL, namely:
Currently, when an MD5 hash is stored in pgsql_users.password, a client can connect by providing that hash directly as the password. This behavior is a blocking point for me when considering ProxySQL as a unified proxy for both MySQL and PostgreSQL.
Is there a configuration option, recommended pattern, or roadmap item to address this behavior?
Thank you for your time and clarification.
Best regards,
Oleksandr
Beta Was this translation helpful? Give feedback.
All reactions