
Re: SSL Mode

From: Radoslaw Stachowiak <radek(at)alter(dot)pl>
To: postgresql <pgsql-admin(at)postgresql(dot)org>
Subject: Re: SSL Mode
Date: 2002-12-23 18:59:11
Message-ID: 20021223185911.GE3728@blue.alter.pl
Lists: pgsql-admin
*** Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> [13:42 Mon 23.Dec]:
> > > > -rw-r--r--    1 postgres postgres     3223 Dec 18 17:10 server.crt
> > > > -rw-r--r--    1 postgres postgres      887 Dec 18 17:10 server.key
> > >
> > > I think it wants the private key file to be mode 600 or less --- a
> > > world-readable private key isn't very private, hmm?
> > 
> > Is this a good candidate for error message improvement?
> 
> Yes.  I will take care of it.

And one more suggestion, as this feature is a little bit too strong IMHO.

Common practice for such files (private keys) is to make them owned by
root user and postgres group with 640 mode. Root is an example of a user
which has the right to change keys. The group-readable flag is necessary for
postgres for accessing it, while write permission is not.

It's not possible to use such a protection schema with current pgsql, while
the protection level is the same with both solutions.


	.radek.
