| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL over Unix-domain sockets |
| Date: | 2009-03-26 02:24:19 |
| Message-ID: | 200903260224.n2Q2OJB24156@momjian.us |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> I found an old patch on my disk to enable SSL over Unix-domain sockets.
>
> Remember, about a year ago it was discussed that there might also be
> man-in-the-middle or fake-server attacks using Unix-domain sockets,
> because usually anyone can start a server in /tmp. After an extensive
> discussion (mainly about moving the socket out of /tmp by default;
> please don't start that again), it was determined that using SSL server
> verification would be the proper solution and in fact works without
> problems. Except that the start-up overhead was increased significantly
> (because of the initial key exchange and session key setup etc.).
>
> Back then we didn't really have a good solution, but I figured since 8.4
> rearranges the SSL connection parameters anyway, we could stick that in
> there.
>
> I imagine for example, we could invent an additional sslmode of the sort
> prefer-but-not-if-local-socket, which could be the default.
>
> The other question is whether sslverify=cn makes sense, but that may be
> up to the user to find out.
I thought the logical solution to this was to place the socket in a
secure directory and not bother with SSL at all.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
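
The two positions in this message both turn on whether another local user can create the socket name before the real server does. The following is an added example, not part of the original message or of PostgreSQL: a check of a socket directory and its ancestors for that condition. The function name, the trusted-uid default, and the directories in the demo are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_socket_dir(path, trusted_uids=None):
    """Return (directory, reason) findings that would let another local user
    plant a fake server socket under `path`. An empty list means none found."""
    if trusted_uids is None:
        # Assumption: root and the calling user are the only trusted owners.
        trusted_uids = {0, os.geteuid()}
    findings = []
    leaf = os.path.realpath(path)
    current = leaf
    while True:
        st = os.stat(current)
        shared = bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))
        sticky = bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by untrusted uid %d" % st.st_uid))
        if shared and current == leaf:
            # Whoever can write here can bind the socket name first, which is
            # the /tmp case described in the quoted message. Conservative:
            # group write is flagged as well as world write.
            findings.append((current, "socket directory is group/world-writable"))
        elif shared and not sticky:
            # Without the sticky bit, a writer can rename or replace the
            # trusted subdirectory itself.
            findings.append((current, "writable ancestor without sticky bit"))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent


if __name__ == "__main__":
    # Constructed demo directories: one private, one /tmp-like.
    base = tempfile.mkdtemp()
    for name, mode in (("private", 0o700), ("tmp_like", 0o1777)):
        d = os.path.join(base, name)
        os.mkdir(d)
        os.chmod(d, mode)  # chmod after mkdir so the umask does not interfere
        print(name, audit_socket_dir(d))
```

A client would run this against the directory it is about to connect through and refuse the connection, or fall back to verified SSL, when the list is non-empty.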