Andrew Dunstan wrote:
> Peter Eisentraut wrote:
>> Bruce Momjian wrote:
>>> The fundamental problem is that because we don't require root, any
>>> postmaster or pretend postmaster is as legitimate as anyone else's. SSL
>>> certificates add legitimacy checks for TCP, but not for unix domain
>> Wouldn't SSL work over Unix-domain sockets as well? The API only
>> deals with file descriptors.
> But we don't check the SSL cert's credentials in the client, AFAIK. That
> means that postmaster spoofer could just as easily spoof SSL.
> Communications between the client and the endpoint will be protected,
> but there is no protection from a man in the middle attack, which is
> what this is.
We do if you put the CA cert on the client.
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2007-12-22 18:04:47|
|Subject: Re: Spoofing as the postmaster |
|Previous:||From: Peter Eisentraut||Date: 2007-12-22 16:13:05|
|Subject: Re: Spoofing as the postmaster|