| From: | Dan Kaminsky <dan(at)doxpara(dot)com> |
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |
| Date: | 2008-08-19 15:58:06 |
| Message-ID: | 48AAED8E.1030402@doxpara.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Gregory Stark wrote:
> "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>
>
>> Actually, I had missed that the OP was looking at 7.3 rather than 8.3.
>> There was a "verify_peer()" in 7.3 but it was #ifdef'd out. The
>> question remains whether there's a reason to have it. It would be good
>> if the discussion were based on a non-obsolete PG version ...
>>
>
> Well in theory SSL without at least one-way authentication is actually
> worthless. It's susceptible to man-in-the-middle attacks meaning someone can
> sniff all the contents or even inject into or take over connections. It is
> proof against passive attacks but active attacks are known in the field so
> that's cold comfort these days.
As the finder of recent DNS issues, I'm pretty aware of real world
active attacks.
My question has been: When you attempt to create an SSL connection to
database.backend.com, do you actually validate that:
1) The subject name of the certificate you're connecting to is
database.backend.com, and
2) At least the basic checks (expiration, chaining back to a valid root)
occur?
I've gotten some reasonable hints that #2 happen, but I don't know if #1
happens, and these comments make me worry.
--Dan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-08-19 16:00:58 | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |
| Previous Message | Gregory Stark | 2008-08-19 09:34:46 | Re: BUG #4340: SECURITY: Is SSL Doing Anything? |