Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 13:03:01
Message-ID: 200712231303.lBND31223521@momjian.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > Bruce Momjian wrote:
> > > I think at a minimum we need to add documentation that states if you
> > > don't trust the local users on the postmaster server you should:
> > >
> > > 	o  create unix domain socket files in a non-world-writable
> > > 	   directory
> > > 	o  require SSL server certificates for TCP connections
> >
> > I have written documentation for this item:
> >
> > 	http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
> >
> > Comments?
> 
> What you actually need on the client side is ~/.postgresql/root.crt, not 
> ~/.postgresql/postgresql.crt as you wrote.

Thanks, updated:

	http://momjian.us/tmp/pgsql/preventing-server-spoofing.html

(I mentioned the file name specificly so people like me wouldn't get
confused.)  :-)

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2007-12-23 13:16:49
Subject: Re: Spoofing as the postmaster
Previous:From: Magnus HaganderDate: 2007-12-23 12:19:59
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group