
Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-bugs(at)postgresql(dot)org
Cc: Dan Kaminsky <dan(at)doxpara(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date: 2008-08-20 11:39:28
Message-ID: 200808201439.30240.peter_e@gmx.net
Lists: pgsql-bugs
Dan Kaminsky wrote:
> >> 1) No roots (but still works for some unknown reason)
> >> 2) Explicitly configured corporate roots
> >> 3) Explicitly configured corporate roots, AND global roots
> >> 4) Global roots (but still works for some unknown reason)

> So, if you do nothing special, it's #1?  Sounds like the path of least
> resistance is no security.  Uh oh.

Yeah, in the average, if not common case, a user interested in SSL use would 
probably just follow the recipe in the documentation for creating and 
installing a self-signed certificate with no certificate checking in the 
client.  Which, as you correctly observe, is pretty much completely useless.

Someone should probably redesign, reconfigure, and redocument this.
