On Fri, 13 Jan 2006, Tom Lane wrote:
> "Brian A. Seklecki" <lavalamp(at)spiritual-machines(dot)org> writes:
>> If a "bad person" were to somehow obtain a copy of the source code with a
>> password embedded in the connect string (Steal it from a developer who
>> uses Windows, or maybe convince Apache to not interpret PHP before sending
>> to the client, something stupid like that), they would still be unable to
>> connect without a client certificate.
> So they steal the client certificate file instead of (the file
> containing) the password. How exactly is this more secure?

You'd have to get a local shell on the server *plus* the password.

If a hacker can get a local shell on your web server (not a multi-user
environment, obviously), and the Web server isn't in a jail, then they've
probably got your database server too, and you might as well pack up and

But with OCSP, the CA for the organization can revoke the validity of a
Cert at any time by updating the CRL.

The password is entirely optional for the user. When you've got a Vhost
running multiple Apps talking to the same DB, and the Web server runs as
the "www" or "http" user, you can even plug multiple database user
passwords into user ~/www/.pgpass and the username is mapped via the
Client X.509 cert.

In short, it's a deterrent to hackers and a convenience to admins. But we
all know if someone wants in, they'll get in and it won't be some kind of
attack on a weakness in X.509 PKI, it will be the developer on Windows that
opens the e-mail with the attachment (or image file!)

> regards, tom lane
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
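
The setup discussed in this message (client certificate plus password, passwords kept in .pgpass, revocation through a CRL), as an added configuration sketch that is not part of the original post. It assumes PostgreSQL 12 or later, where `clientcert=verify-full` is available; the host name, network, database, user and password are constructed placeholders.

```conf
# --- postgresql.conf (server) ---
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file  = 'server.key'
ssl_ca_file   = 'root.crt'   # CA that signs the client certificates
ssl_crl_file  = 'root.crl'   # certificates listed here are rejected at the TLS handshake

# --- pg_hba.conf (server) ---
# Weak: password only, so a leaked connect string is enough to log in.
# hostssl appdb app_orders 192.0.2.0/24 scram-sha-256
# Stronger: password AND a client certificate whose CN equals the database user.
hostssl appdb app_orders 192.0.2.0/24 scram-sha-256 clientcert=verify-full

# --- ~/.pgpass of the web server user (client, file mode 0600) ---
# Format: hostname:port:database:username:password
db.example.internal:5432:appdb:app_orders:CONSTRUCTED-PASSWORD

# --- libpq connection parameters used by the application (client) ---
# No password in the source code; libpq reads it from ~/.pgpass.
# host=db.example.internal dbname=appdb user=app_orders sslmode=verify-full
#   sslcert=/var/www/.postgresql/postgresql.crt
#   sslkey=/var/www/.postgresql/postgresql.key
#   sslrootcert=/var/www/.postgresql/root.crt
```

Revocation in this sketch depends on the CA publishing an updated CRL and that file being installed as `ssl_crl_file` on the database server; the client key file is the asset to protect with file permissions, since it sits beside .pgpass on the web server.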