| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Christoph Berg <myon(at)debian(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jakob Egger <jakob(at)eggerapps(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sslmode=require fallback |
| Date: | 2016-08-19 16:22:32 |
| Message-ID: | CAMkU=1yAoA6rjprhWtuHj5+SvFAF8z70cPfFDZYu7dbNUJ53EQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Jul 30, 2016 at 11:18 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> On Fri, Jul 29, 2016 at 11:27:06AM -0400, Peter Eisentraut wrote:
> > On 7/29/16 11:13 AM, Bruce Momjian wrote:
> > > Yes, I am thinking of a case where Postgres is down but a malevolent
> > > user starts a Postgres server on 5432 to gather passwords. Verifying
> > > against an SSL certificate would avoid this problem, so there is some
> > > value in using SSL on localhost. (There is no such security available
> > > for Unix-domain socket connections.)
> >
> > Sure, there is the requirepeer connection option for that.
>
> Oh, nice, I had not seen that.
>
Hi Bruce,
There is typo in the doc patch you just committed
"On way to prevent spoofing of"
s/On/One/
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Konstantin Knizhnik | 2016-08-19 16:36:26 | Re: Logical decoding restart problems |
| Previous Message | Petr Jelinek | 2016-08-19 16:06:31 | Re: Logical decoding restart problems |