SFBayPUG June 2022: Get Your Insecure PostgreSQL Passwords to SCRAM!


Details
Join us virtually on June 14, 2022, as Jonathan Katz presents "Get Your Insecure PostgreSQL Passwords to SCRAM!"
PostgreSQL 10 introduced SCRAM (Salted Challenge Response Authentication Mechanism) to securely authenticate passwords. Using a series of cryptographic methods, the SCRAM algorithm lets a client and server securely validate a password without ever exchanging the password itself!
In this talk, we will look at:
- A history of password storage and authentication in PostgreSQL
- Flaws in each of the legacy PostgreSQL password-based authentication methods
- How SCRAM works with a guided deep dive into the algorithm
- Channel binding, which helps prevent authentication MITM attacks
- How to safely set and modify your passwords, and how to upgrade to SCRAM-SHA-256
Jonathan Katz is a Principal Product Manager Technical at AWS on the RDS Open Source Team. Prior to this, he was the VP of Platform Engineering at Crunchy Data, focused on managing PGO, an open source Postgres Operator behind Crunchy Postgres for Kubernetes.
Jonathan is on the PostgreSQL Core Team and is involved in various governance aspects of the PostgreSQL Global Development Group. He is a Secretary and Director of the PostgreSQL Community Association of Canada NPO and is a Director of the United States PostgreSQL Association NPO. He speaks at conferences around the world on both app developer and operations topics on PostgreSQL and associated technologies like Kubernetes.
Prior to Crunchy Data, Jonathan was CTO at VenueBook and before that, VP of Technology at Paperless Post. Jonathan graduated from Tufts University with a B.S. in Computer Science and a B.A. in Mathematics.
Schedule:
12:00 PM Announcements, speaker introduction, presentation, Q&A.
1:15 PM Closing announcements, wrap up.
1:30 PM Event ends.
The link and detailed joining instructions, including the dial-in numbers for phone access, will be sent by email the day prior to the event, and posted on Meetup for those who have RSVPed "Yes".
General information about using GoToMeeting for this event can be found at:
https://bit.ly/SFBayPUGGTM
