From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Trevor Talbot" <quension(at)gmail(dot)com> |
Cc: | "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Spoofing as the postmaster |
Date: | 2007-12-28 16:37:29 |
Message-ID: | 3877.1198859849@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
"Trevor Talbot" <quension(at)gmail(dot)com> writes:
> There's a fundamental problem that you can't make someone else do
> authentication if they don't want to, and that's exactly the situation
> clients are in. I don't see how this can possibly be fixed anywhere
> other than the client.
The point of requiring authentication from the server side is that it
will get people to configure their client code properly. Then if a MITM
attack is subsequently attempted, the client code will detect it.
It's true that this doesn't offer much defense in the case where a new
user is getting set up and a MITM attack is already active. But a user
who blindly trusts a server that he's never connected to before is open
to all sorts of attacks, starting for instance with mistyping the host
name. The fact that this approach doesn't (by itself) solve that
problem doesn't make it useless.
Also, getting people in the habit of setting up for mutual
authentication does have value in that scenario too; it makes the new
user perhaps a bit more likely to distrust a server that isn't
presenting the right certificate.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2007-12-28 17:14:42 | Re: [HACKERS] Unworkable column delimiter characters for COPY |
Previous Message | Trevor Talbot | 2007-12-28 15:48:22 | Re: Spoofing as the postmaster |