Re: BUG #4340: SECURITY: Is SSL Doing Anything?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Dan Kaminsky <dan(at)doxpara(dot)com>, Gregory Stark <stark(at)enterprisedb(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4340: SECURITY: Is SSL Doing Anything?
Date: 2008-08-19 18:57:55
Message-ID: 8267.1219172275@sss.pgh.pa.us
Lists: pgsql-bugs

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> (I don't believe OpenSSL does this verification either, because AFAICS
> OpenSSL only ever sees the IP address of the server, and not the FQDN)

In common usages libpq doesn't have the FQDN of the server either.
To impose such a requirement, we'd have to forbid naming the server
by IP address or via a domain-search-path abbreviation.

regards, tom lane
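
The point made in the message above, as an added example that is not part of the original message and is not libpq or OpenSSL code: a name check can only compare the host string the client was given against the names in the server certificate. The function names, the certificate name `db1.example.com` and the three host strings are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Case-insensitive string equality (DNS names are case-insensitive). */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Compare the host exactly as typed against one certificate name.
 * A leading "*." wildcard covers exactly one non-empty label. */
static int name_matches(const char *host, const char *cert_name)
{
    if (cert_name[0] == '*' && cert_name[1] == '.') {
        const char *dot = host;
        while (*dot && *dot != '.')
            dot++;
        return *dot == '.' && dot != host && eq_nocase(dot + 1, cert_name + 2);
    }
    return eq_nocase(host, cert_name);
}

/* Returns 1 if the typed host matches any name in the certificate. */
int host_matches_cert(const char *host, const char *const *names, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(host, names[i]))
            return 1;
    return 0;
}

/* Constructed sample: the only name in a hypothetical server certificate. */
static const char *const SAMPLE_CERT_NAMES[] = { "db1.example.com" };

int check_sample(const char *host)
{
    return host_matches_cert(host, SAMPLE_CERT_NAMES, 1);
}

int main(void)
{
    /* Constructed: FQDN, search-path abbreviation, and IP address. */
    const char *typed[] = { "db1.example.com", "db1", "192.0.2.10" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s -> %s\n", typed[i], check_sample(typed[i]) ? "match" : "no match");
    return 0;
}
```

Only the FQDN form matches; the abbreviation and the IP address name the same server but give the check nothing it can compare against the certificate.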
