
Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-22 18:04:47
Message-ID: 25142.1198346687@sss.pgh.pa.us
Lists: pgsql-hackers
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Wouldn't SSL work over Unix-domain sockets as well?  The API only deals with 
> file descriptors.

Hmm ... we've always thought of SSL as being primarily comm security
and thus useless on a Unix socket, but the mutual authentication aspect
could come in handy as an answer for this type of threat.  Anyone want
to try this and see if it really works or not?

Does OpenSSL have a mode where it only does mutual auth and not
encryption?  The encryption would be wasted cycles in this scenario,
so being able to turn it off would be nice.

			regards, tom lane
