SSL over Unix-domain sockets

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: SSL over Unix-domain sockets
Date: 2009-03-25 12:35:48
Message-ID: 49CA2524.5010809@gmx.net
Lists: pgsql-hackers

I found an old patch on my disk to enable SSL over Unix-domain sockets.

Remember, about a year ago it was discussed that there might also be
man-in-the-middle or fake-server attacks using Unix-domain sockets,
because usually anyone can start a server in /tmp. After an extensive
discussion (mainly about moving the socket out of /tmp by default;
please don't start that again), it was determined that using SSL server
verification would be the proper solution and in fact works without
problems. Except that the start-up overhead was increased significantly
(because of the initial key exchange and session key setup etc.).

Back then we didn't really have a good solution, but I figured since 8.4
rearranges the SSL connection parameters anyway, we could stick that in
there.

I imagine for example, we could invent an additional sslmode of the sort
prefer-but-not-if-local-socket, which could be the default.

The other question is whether sslverify=cn makes sense, but that may be
up to the user to find out.

Comments?
