Re: Spoofing as the postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Trevor Talbot" <quension(at)gmail(dot)com>
Cc: "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2007-12-28 16:37:29
Message-ID: 3877.1198859849@sss.pgh.pa.us
Lists: pgsql-hackers
"Trevor Talbot" <quension(at)gmail(dot)com> writes:
> There's a fundamental problem that you can't make someone else do
> authentication if they don't want to, and that's exactly the situation
> clients are in. I don't see how this can possibly be fixed anywhere
> other than the client.

The point of requiring authentication from the server side is that it
will get people to configure their client code properly.  Then if a MITM
attack is subsequently attempted, the client code will detect it.

It's true that this doesn't offer much defense in the case where a new
user is getting set up and a MITM attack is already active.  But a user
who blindly trusts a server that he's never connected to before is open
to all sorts of attacks, starting for instance with mistyping the host
name.  The fact that this approach doesn't (by itself) solve that
problem doesn't make it useless.

Also, getting people in the habit of setting up for mutual
authentication does have value in that scenario too; it makes the new
user perhaps a bit more likely to distrust a server that isn't
presenting the right certificate.

			regards, tom lane

Copyright © 1996-2014 The PostgreSQL Global Development Group