| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: src/test/ssl broken on HEAD |
| Date: | 2015-09-06 07:01:46 |
| Message-ID: | 20150906070146.GA3075505@tornado.leadboat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Sep 03, 2015 at 01:15:47AM +0200, Andres Freund wrote:
> On 2015-09-02 17:03:46 -0400, Robert Haas wrote:
> > On Wed, Sep 2, 2015 at 4:50 PM, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
> > > Tell me what's needed and I'll look at creating a buildfarm test module for
> > > it.
> > It's not run by the global "check" or "installcheck" targets, because the
> > temporary installation it creates accepts TCP connections from any user
> > the same host, which is insecure.
The buildfarm client may as well ignore that security hazard, because today's
buildfarm client starts likewise-exposed postmasters directly.
> We could just implement SSL over unix sockets. Obviously the
> connection-encryption aspect isn't actually useful, but e.g. client
> certs still make sense. Besides, it allows to avoid concerns like the
> above...
Agreed.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2015-09-06 08:24:48 | Re: Multi-column distinctness. |
| Previous Message | Noah Misch | 2015-09-06 05:56:06 | Re: Autonomous Transaction is back |