| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Chapman Flack <chap(at)anastigmatix(dot)net>, Ants Aasma <ants(at)cybertec(dot)at>, Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: what can go in root.crt ? |
| Date: | 2020-06-04 06:07:24 |
| Message-ID: | 9b72eeccc9062a1e1c5a57b2c9155d09b31a32f1.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 2020-06-03 at 19:57 -0400, Chapman Flack wrote:
> Ok, so a person in the situation described here, who is not in a position
> to demand changes in an organizational policy (whether or not it seems
> ill-conceived to you or even to him/her), is facing this question:
>
> What are the "safest" things I /can/ do, under the existing constraints,
> and /which of those will work in PostgreSQL/?
I feel bad about bending the basic idea of certificates and trust to suit
some misbegotten bureaucratic constraints on good security.
If you are working for a company that has a bad idea of security
and cannot be dissuaded from it, you point that out loudly and then
keep going. Trying to subvert the principles of an architecture
very often leads to pain in my experience.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oleksandr Shulgin | 2020-06-04 06:22:15 | Re: libpq copy error handling busted |
| Previous Message | Kyotaro Horiguchi | 2020-06-04 06:00:15 | Re: Asynchronous Append on postgres_fdw nodes. |