| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Simon Arlott <simon(at)arlott(dot)org>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #3809: SSL "unsafe" private key permissions bug |
| Date: | 2007-12-08 23:57:34 |
| Message-ID: | 28918.1197158254@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> writes:
> Gregory Stark wrote:
>> Storing your keys on a usb stick (which usually use fat filesystems)
>> isn't really such a crazy idea either.
> Storing a server SSL key on a USB stick is not crazy? I don't follow.
> What use case do you have for that?
It's worth pointing out also that we require server.key to be directly
in the $PGDATA directory, which means that any filesystem limitations on
its permissions info are going to apply to the $PGDATA directory itself.
Curiously enough, the access-permission checks on both $PGDATA and
$PGDATA/server.key are diked out in WIN32 builds, but I consider that
a bug we should fix, not a feature to be extended.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gregory Stark | 2007-12-09 00:54:07 | Re: BUG #3809: SSL "unsafe" private key permissions bug |
| Previous Message | A. Ozen Akyurek | 2007-12-08 21:26:42 | BUG #3810: OleDB recognizes blob columns as integer in Delphi 6.0 |