| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | edgecase14(at)gmail(dot)com, pgsql-docs(at)lists(dot)postgresql(dot)org |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: unclear wording re: spoofing prevention on network connections |
| Date: | 2023-12-09 16:29:00 |
| Message-ID: | ZXSVzKxaGFTuxXKu@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On Fri, Dec 8, 2023 at 05:42:27PM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/16/preventing-server-spoofing.html
> Description:
>
> When I read:
> To prevent spoofing on TCP connections, either use SSL certificates and make
> sure that clients check the server's certificate, or use GSSAPI encryption
> (or both, if they're on separate connections).
>
> It takes some thought to figure out what "separate connections" are being
> referred to. Does it mean separate TLS connection and
> non-tls-with-gssapi-encryption?
I have no idea. It was added in this commit:
commit b0b39f72b9
Author: Stephen Frost <sfrost(at)snowman(dot)net>
Date: Wed Apr 3 15:02:33 2019 -0400
GSSAPI encryption support
On both the frontend and backend, prepare for GSSAPI encryption
support by moving common code for error handling into a separate file.
Fix a TODO for handling multiple status messages in the process.
Eliminate the OIDs, which have not been needed for some time.
...
I have CC'ed the patch author.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2023-12-09 16:52:52 | Re: unclear wording re: spoofing prevention on network connections |
| Previous Message | PG Doc comments form | 2023-12-08 17:42:27 | unclear wording re: spoofing prevention on network connections |