Re: PKI/SSL Client/Server Certificate Authentication

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Brian A(dot) Seklecki" <lavalamp(at)spiritual-machines(dot)org>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: PKI/SSL Client/Server Certificate Authentication
Date: 2006-01-13 16:08:44
Message-ID: 25602.1137168524@sss.pgh.pa.us
Lists: pgsql-admin

"Brian A. Seklecki" <lavalamp(at)spiritual-machines(dot)org> writes:
> If a "bad person" were to somehow obtain a copy of the source code with a
> password embedded in the connect string (Steal it from a developer who
> uses Windows, or maybe convince Apache to not interpret PHP before sending
> to the client, something stupid like that), they would still be unable to
> connect without a client certificate.

So they steal the client certificate file instead of (the file
containing) the password. How exactly is this more secure?

regards, tom lane
