Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Trevor Talbot" <quension(at)gmail(dot)com>
Cc: "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-28 16:37:29
Message-ID: 3877.1198859849@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

"Trevor Talbot" <quension(at)gmail(dot)com> writes:
> There's a fundamental problem that you can't make someone else do
> authentication if they don't want to, and that's exactly the situation
> clients are in. I don't see how this can possibly be fixed anywhere
> other than the client.

The point of requiring authentication from the server side is that it
will get people to configure their client code properly. Then if a MITM
attack is subsequently attempted, the client code will detect it.

It's true that this doesn't offer much defense in the case where a new
user is getting set up and a MITM attack is already active. But a user
who blindly trusts a server that he's never connected to before is open
to all sorts of attacks, starting for instance with mistyping the host
name. The fact that this approach doesn't (by itself) solve that
problem doesn't make it useless.

Also, getting people in the habit of setting up for mutual
authentication does have value in that scenario too; it makes the new
user perhaps a bit more likely to distrust a server that isn't
presenting the right certificate.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andrew Dunstan 2007-12-28 17:14:42 Re: [HACKERS] Unworkable column delimiter characters for COPY
Previous Message Trevor Talbot 2007-12-28 15:48:22 Re: Spoofing as the postmaster