Re: Spoofing as the postmaster

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Gregory Stark <stark(at)enterprisedb(dot)com>, Marko Kreen <markokr(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-30 00:43:21
Message-ID: 200712300043.lBU0hLj27488@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> This is basically the same old mutual authentication problem that SSL
> was designed to solve by using certificates. I don't think we have
> either the need or the expertise to re-invent that wheel.
>
> ISTM we have these action items:
>
> 1. Improve the code so that SSL authentication can be used across a
> Unix-socket connection ...

Added to TODO:

* Allow SSL authentication/encryption over unix domain sockets

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Warren Turkal 2007-12-30 08:40:23 question about timestamp
Previous Message Greg Smith 2007-12-29 23:55:04 Re: Spoofing as the postmaster