Skip site navigation (1) Skip section navigation (2)

Re: SSL (patch 5)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bear Giles <bgiles(at)coyotesong(dot)com>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-patches(at)postgresql(dot)org
Subject: Re: SSL (patch 5)
Date: 2002-05-27 23:51:22
Message-ID: 28711.1022543482@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
Bear Giles <bgiles(at)coyotesong(dot)com> writes:
>> I seem to recall that OpenSSL handles generating appropriate randomness
>> itself.

> That's been an ongoing problem, and something may be done in 0.9.7.

That's good to hear.  Our position has been that if security experts
(ie, the SSL library developers) cannot figure out how to generate
secure keys on particular platforms, it's folly to suppose that
non-security-expert application developers (eg, database weenies)
will somehow manage to do better with off-the-cuff solutions.
Encapsulating that kind of knowledge is exactly what a library is
supposed to do for us.  IMHO anyway.

			regards, tom lane

In response to

pgsql-patches by date

Next:From: Neil ConwayDate: 2002-05-28 00:22:21
Subject: Re: COPY and default values
Previous:From: Tom LaneDate: 2002-05-27 23:46:10
Subject: Re: SSL (patch 3)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group