| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: postgresql.key secure storage |
| Date: | 2009-09-13 18:17:30 |
| Message-ID: | 4AAD373A.2090306@hogranch.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Saleem EDAH-TALLY wrote:
> This concerns use of postgresql.key private key file on the client side.
>
> psql can't establish a connection. with an encrypted postgresql.key file. If
> I'm wrong here, the following is invalid and please show me the steps I'm
> ignoring.
>
> An application using libpq would require that the private unencrypted key be
> deployed to the end user, together with the public key and trust cert. This
> would mean if the end user is curious enough and computer litterate, he can
> bypass the client application and make a direct connection to the server with
> psql for example. It's then possible to issue commands like TRUNCATE TABLE...
>
sounds like you should be using a 3-tier architecture, where the
application running on the untrusted user computer isn't allowed to
directly connect to the database at all, rather, connects to middleware
on a secured computer which executes all business logic and makes any
database connections.
of course, this moves the security issues to your client->server
application protocol
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rajesh Kumar Mallah | 2009-09-13 18:42:05 | Re: schema proxying virtual database |
| Previous Message | Stefan Kaltenbrunner | 2009-09-13 17:32:44 | Re: schema proxying virtual database |