Re: [HACKERS] RE: [INTERFACES] Re: SSL patch

From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
To: Magnus Hagander <mha(at)sollentuna(dot)net>
Cc: "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: [HACKERS] RE: [INTERFACES] Re: SSL patch
Date: 1999-07-23 21:24:16
Message-ID: 199907232124.RAA20518@candle.pha.pa.us
Lists: pgsql-hackers

> Well. The problem is that the client sends the StartupPacket without reading
> anything at all from the server, which means it is too late to do SSL
> negotiation after the StartupPacket. It contains the password (possibly in
> clear-text), which would be one of the most important things to protect. So
> I'm pretty sure that the negotiation has to take place _before_ the
> StartupPacket. And since the StartupPacket is the very first thing that is
> sent, it might be hard.
> Just to clarify: the SSL-enabled server still accepts 6.6 clients that are
> compiled without SSL support, but it will not accept from 6.5 clients, as it
> is now.

So your concern is that the client will send the hashed password as
cleartext before finding out it has to do SSL? Doesn't the client do
SSL and then send the SSL request to the server? Why do we have to have
clients who use SSL sending non-SSL requests to the server? Let them
fail if they do that. If you want to force SSL from certain hosts, put
that in hba_conf, and only accept SSL from those? I am really lost on
the problem here.

--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
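
The ordering question discussed in this message, as an added example that is not part of the original email or of PostgreSQL's code: it models what a client writes before reading anything from the server, what an hba-style "SSL required" rule can decide on that first packet, and what a passive observer on the path has already seen by then. The framing, the message codes `NEGOTIATE` and `STARTUP`, and the sample credentials are assumptions constructed for the sketch.

```python
import struct

# Hypothetical wire format for this sketch (not PostgreSQL's real packets):
# 4-byte big-endian length, 4-byte message code, then payload.
NEGOTIATE = 1   # "I want SSL" request, carries no secrets
STARTUP = 2     # startup packet: user and password fields

def frame(code, payload=b""):
    return struct.pack("!II", 8 + len(payload), code) + payload

def parse(buf):
    length, code = struct.unpack("!II", buf[:8])
    return code, buf[8:length]

def client_first_bytes(user, password, negotiate_first):
    """What the client writes before it has read anything from the server."""
    if negotiate_first:
        return frame(NEGOTIATE)
    return frame(STARTUP, user + b"\0" + password + b"\0")

def server_decide(first_packet, ssl_required):
    """Server-side policy on the first packet, as an hba-style rule would apply it."""
    code, _ = parse(first_packet)
    if code == NEGOTIATE:
        return "start-ssl"   # handshake runs, startup packet follows encrypted
    if code == STARTUP:
        return "reject" if ssl_required else "accept-plaintext"
    return "reject"

def observer_sees_password(wire_bytes, password):
    """Passive observer on the path: is the secret in the cleartext bytes?"""
    return password in wire_bytes

def run(negotiate_first, ssl_required):
    password = b"s3cret-constructed"   # constructed sample value
    wire = client_first_bytes(b"alice", password, negotiate_first)
    return server_decide(wire, ssl_required), observer_sees_password(wire, password)

if __name__ == "__main__":
    for negotiate_first in (False, True):
        for ssl_required in (False, True):
            print(negotiate_first, ssl_required, run(negotiate_first, ssl_required))
```

The case `run(False, True)` is the one the two sides of the thread disagree about: the server's decision and the observer's view are computed from the same first packet.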
