Re: Successor of MD5 authentication, let's use SCRAM

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Will Crawford <billcrawford1970(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, Daniel Farina <daniel(at)heroku(dot)com>
Subject: Re: Successor of MD5 authentication, let's use SCRAM
Date: 2012-10-21 07:55:50
Message-ID: CABUevEw=GedBdC3FN2dFm+2BzQBYJG4wcJ+P2Xoc7XQ-_yJ13w@mail.gmail.com
Lists: pgsql-hackers

On Mon, Oct 15, 2012 at 1:21 PM, Will Crawford
<billcrawford1970(at)gmail(dot)com> wrote:
> On 14 October 2012 22:17, Daniel Farina <daniel(at)heroku(dot)com> wrote:
>
>> The problem there is that it's a pain to get signed certs in, say, a
>> test environment, so "don't check certs" will make its way into the
>> default configuration, and now you have all pain and no gain.
>
> This is precisely the issue that Debian deals with in providing the
> "default Snake Oil" certificate; software development teams -
> especially small shops with one or two developers - don't want to
> spend time learning about CAs and creating their own, etc, and often
> their managers would see this as wasted time for setting up
> development environments and staging systems. Not saying they're
> right, of course; but it can be an uphill struggle, and as long as you
> get a real certificate for your production environment, it's hard to
> see what harm this (providing the "snake oil" certificate) actually
> causes.

I don't see a problem at all with providing the snakeoil cert. In
fact, it's quite useful.

I see a problem with enabling it by default. Because it makes people
think they are more secure than they are.

In a browser, they will get a big fat warning every time, so they will
know it. There is no such warning in psql. Actually, maybe we should
*add* such a warning. We could do it in psql. We can't do it in libpq
for everyone, but we can do it in our own tools... Particularly since
we do print the SSL information already - we could just add a
"warning: cert not verified" or something like that to the same piece
of information.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
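
As an added illustration (not part of the original message, and not psql or libpq code): a Python version of the check proposed above, which resolves the effective `sslmode` of a libpq keyword/value connection string and returns the "cert not verified" warning when the session may use TLS without validating the server certificate. The names `parse_conninfo`, `cert_warning`, `env_sslmode` and `root_cert_present` are hypothetical, and the sample connection strings are constructed.

```python
import re

VERIFYING = {"verify-ca", "verify-full"}          # server certificate is validated
UNVERIFIED_TLS = {"allow", "prefer", "require"}   # TLS possible, certificate not checked
DEFAULT_SSLMODE = "prefer"                        # libpq default when sslmode is unset

# keyword = value; the value is bare or single-quoted, with backslash escapes
_PAIR = re.compile(r"\s*(\w+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|([^'\s]\S*)?)")

def parse_conninfo(conninfo):
    """Parse a libpq keyword/value connection string into a dict."""
    params, pos = {}, 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError("malformed conninfo near %r" % conninfo[pos:])
        key, quoted, bare = m.groups()
        value = quoted if quoted is not None else (bare or "")
        params[key] = re.sub(r"\\(.)", r"\1", value)
        pos = m.end()
    return params

def cert_warning(conninfo, env_sslmode=None, root_cert_present=False):
    """Return a warning line if the session may use TLS without verifying
    the server certificate, otherwise None."""
    mode = parse_conninfo(conninfo).get("sslmode") or env_sslmode or DEFAULT_SSLMODE
    if mode in VERIFYING or mode == "disable":
        return None   # verified, or no TLS at all (no certificate to warn about)
    if mode not in UNVERIFIED_TLS:
        raise ValueError("unknown sslmode %r" % mode)
    if mode == "require" and root_cert_present:
        return None   # documented libpq behaviour: acts like verify-ca
    return "warning: cert not verified (sslmode=%s)" % mode

if __name__ == "__main__":
    # Constructed sample connection strings, not taken from the thread.
    for s in ("host=db.example.test user=app",
              "host=db.example.test sslmode=require",
              "host=db.example.test user='app user' sslmode=verify-full"):
        print(s, "->", cert_warning(s))
```

Pass the value of `PGSSLMODE` as `env_sslmode`, and set `root_cert_present` when the client has a root CA file installed, since libpq then treats `sslmode=require` like `verify-ca`.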
