Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 02:35:45
Message-ID: 200712290235.lBT2ZjN21922@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Magnus Hagander wrote:
> We could make it so that we *require* the root certificate to be present
> on the client and make the check, and simply refuse to connect without
> it. But my guess is that it'll just increase the bar for SSL adoption at
> all, whilst most people will find some insecure way to get the root key
> over there anyway. Unless we want to start shipping our own batch of
> trusted roots, and only support paid-for certificates or something...

Agreed. Requiring client root certificate checking is heavy-handed. At
most we could emit a server log message when a client has no
certificate.

Of course I am not sure anyone knows how to get that information from
SSL. We could do it in the clients we ship but a malicious client will
just remove the check.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2007-12-29 03:10:18 Re: Spoofing as the postmaster
Previous Message Andrew Dunstan 2007-12-29 01:26:06 Re: minimal update