Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 08:41:03
Message-ID: 200712230941.04594.peter_e@gmx.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Bruce Momjian wrote:
> Bruce Momjian wrote:
> > I think at a minimum we need to add documentation that states if you
> > don't trust the local users on the postmaster server you should:
> >
> > 	o  create unix domain socket files in a non-world-writable
> > 	   directory
> > 	o  require SSL server certificates for TCP connections
>
> I have written documentation for this item:
>
> 	http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>
> Comments?

What you actually need on the client side is ~/.postgresql/root.crt, not 
~/.postgresql/postgresql.crt as you wrote.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

In response to

Responses

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2007-12-23 10:30:04
Subject: Re: Spoofing as the postmaster
Previous:From: Gregory StarkDate: 2007-12-23 07:57:07
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group