| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-27 20:46:23 |
| Message-ID: | 20256.1198788383@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Sure. But we *do* provide a way to work around it *if you have to*: use
> SSL with trusted certificates. In the large number of cases where you
> *don't* need to worry about it, there's no need to add any extra overhead.
> And if you're going with SSL already, the extra overhead of TCP vs Unix
> sockets shouldn't matter *at all*... So I don't really see a motivation
> for us to support SSL over Unix sockets, if it adds any complexity to
> the code.
Well, the problem with the current behavior is that the client app can
"require SSL", but the request is silently ignored if the connection is
over Unix socket. So you might think you're secure when you aren't.
I think that the reason we don't support SSL over Unix socket is mainly
that we thought it was useless; but this discussion has exposed reasons
to use it. So I'm for just eliminating the asymmetry.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2007-12-27 21:23:55 | Re: Spoofing as the postmaster |
| Previous Message | Peter Eisentraut | 2007-12-27 20:32:59 | Re: Spoofing as the postmaster |