| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Albrecht Dreß <albrecht(dot)dress(at)arcor(dot)de> |
| Cc: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org, Michael Paquier <michael(at)paquier(dot)xyz> |
| Subject: | Re: FDW Foreign Table Access: strange LOG message |
| Date: | 2018-03-23 22:22:58 |
| Message-ID: | 13523.1521843778@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Albrecht =?iso-8859-1?b?RHJl3w==?= <albrecht(dot)dress(at)arcor(dot)de> writes:
> A different, confusing point (which is closer to a “bug” IMHO) is that connections to localhost are actually encrypted by default. This is basically useless and just a waste of cpu cycles – if a malicious user may somehow tap (tcpdump) lo, there is a different problem which can not be mitigated by encryption…
I agree that it's not very useful to do that, but it'd be tough for us to
make it not happen by default --- that requires knowing an awful lot about
the local network topology. Not sure that we'd want to assume that
"localhost" is safe, and we'd certainly not know what to do for
connections that use the host's name.
Note that in most scenarios, "local" connections travel over a Unix socket
not TCP, and in that case we don't encrypt.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2018-03-23 23:17:30 | Re: pg_stat_statements: password in command is not obfuscated |
| Previous Message | MOISES ESPINOSA | 2018-03-23 22:04:41 | case and accent insensitive |