
Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Mark Mielke <mark(at)mark(dot)mielke(dot)cc>
Cc: Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-29 04:26:45
Message-ID: 200712290426.lBT4QjY04324@momjian.us
Lists: pgsql-hackers
Mark Mielke wrote:
> Bruce Momjian wrote:
> > Good point.  I have added the last two sentences to the documentation
> > paragraph to highlight this issue:
> >
> >    <productname>OpenSSL</productname> supports a wide range of ciphers
> >    and authentication algorithms, of varying strength.  While a list of
> >    ciphers can be specified in the <productname>OpenSSL</productname>
> >    configuration file, you can specify ciphers specifically for use by
> >    the database server by modifying <xref linkend="guc-ssl-ciphers"> in
> >    <filename>postgresql.conf</>.  It is possible to have authentication
> >    without the overhead of encryption by using <literal>NULL-SHA</> or
> >    <literal>NULL-MD5</> ciphers.  However, a man-in-the-middle could read
> >    and pass communications between client and server.
> >   
> A fact that the above misses is that symmetric key encryption is 
> actually quite cheap. It is asymmetric key encryption that is expensive. 
> If you look up information on SSL accelerators, you will find claims 
> that the initial SSL authentication negotiation is 1000X as expensive as 
> the actual data encryption for a running session, and that SSL web 
> services are usually limited by their ability to negotiate NEW sessions. 
> In other words, as well-intentioned and accurate as the claim you make 
> above, it may be irrelevant in many real-world scenarios. If you are 
> going to go through all the expensive processing of having 
> authentication enabled, you may as well have encryption enabled too.

OK, updated paragraph:

    It is possible to have authentication without encryption overhead by
    using <literal>NULL-SHA</> or <literal>NULL-MD5</> ciphers.  However,
    a man-in-the-middle could read and pass communications between client
    and server.  Also, encryption overhead is minimal compared to the
    overhead of authentication.  For these reasons NULL ciphers are not
    recommended.

-- 
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
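
An added example, not part of the original message or of PostgreSQL: a static check, assuming Python 3, that reports whether the effective `ssl_ciphers` value in `postgresql.conf` leaves NULL-encryption suites such as `NULL-SHA` or `NULL-MD5` enabled. The function names and the sample configuration are constructed for illustration, and the check approximates OpenSSL's cipher-list rules conservatively instead of calling OpenSSL.

```python
import re

# OpenSSL keywords that select every suite with no encryption.
NULL_CLASSES = {"eNULL", "NULL", "COMPLEMENTOFALL"}

# Constructed sample: a commented-out line, then two settings (the last one wins).
SAMPLE_CONF = """\
#ssl_ciphers = 'NULL-SHA'
ssl_ciphers = 'HIGH:!aNULL'
ssl_ciphers = 'HIGH:NULL-SHA:!aNULL'
"""

def selects_null(component):
    """True if one '+'-joined component names NULL-encryption suites."""
    # "aNULL" (no authentication) is a different class and is not matched here.
    return component in NULL_CLASSES or (
        "-" in component and "NULL" in component.split("-"))

def allows_null_encryption(cipher_list):
    """Walk the list left to right; True if NULL-encryption suites stay enabled."""
    enabled = killed = False
    for token in re.split(r"[:, ]+", cipher_list.strip()):
        if not token or token.startswith("@"):
            continue                      # @STRENGTH etc. do not add suites
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):]
        if op == "+":
            continue                      # '+' only reorders suites already present
        if op in ("!", "-"):
            if name in NULL_CLASSES:      # the whole NULL class is removed
                enabled = False
                killed = killed or op == "!"   # '!' also blocks re-adding later
            continue                      # subset removal: stay conservative
        if not killed and any(selects_null(c) for c in name.split("+")):
            enabled = True
    return enabled

def audit_conf(conf_text):
    """Return the effective ssl_ciphers value if it admits NULL encryption, else None."""
    values = re.findall(r"^\s*ssl_ciphers\s*=\s*'([^']*)'", conf_text, re.M)
    if values and allows_null_encryption(values[-1]):
        return values[-1]
    return None

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```

Because removal of a single named suite is ignored, the check can over-report; confirm any hit against the server's actual OpenSSL build.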
