Re: Spoofing as the postmaster

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl>
Subject: Re: Spoofing as the postmaster
Date: 2007-12-23 08:41:03
Message-ID: 200712230941.04594.peter_e@gmx.net
Lists: pgsql-hackers

Bruce Momjian wrote:
> Bruce Momjian wrote:
> > I think at a minimum we need to add documentation that states if you
> > don't trust the local users on the postmaster server you should:
> >
> > o create unix domain socket files in a non-world-writable
> > directory
> > o require SSL server certificates for TCP connections
>
> I have written documentation for this item:
>
> http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
>
> Comments?

What you actually need on the client side is ~/.postgresql/root.crt, not
~/.postgresql/postgresql.crt as you wrote.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
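
An added example, not part of the original message or of PostgreSQL: a small Python audit of the two points discussed above, namely that the Unix-domain socket directory is not world-writable and that the client has `~/.postgresql/root.crt`. The function names and finding strings are hypothetical, and the directories used in the demo are constructed temporary paths.

```python
import os
import stat
import tempfile


def socket_dir_findings(socket_dir):
    """Return problems with the directory that holds the server's socket file."""
    st = os.stat(socket_dir)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    # A world-writable directory lets any local user create the socket
    # file before the real postmaster does.
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable socket directory")
    return findings


def client_root_cert_findings(home_dir):
    """Return problems with the client-side files used to verify the server."""
    pg_dir = os.path.join(home_dir, ".postgresql")
    findings = []
    if not os.path.isfile(os.path.join(pg_dir, "root.crt")):
        findings.append("missing root.crt")
        # postgresql.crt is the client's own certificate; it does not
        # let the client check the server's certificate.
        if os.path.isfile(os.path.join(pg_dir, "postgresql.crt")):
            findings.append("postgresql.crt present, but it is not a substitute")
    return findings


if __name__ == "__main__":
    # Constructed sample layout so the script runs anywhere.
    sock_dir = tempfile.mkdtemp()
    os.chmod(sock_dir, 0o777)
    print(sock_dir, socket_dir_findings(sock_dir))

    home = tempfile.mkdtemp()
    os.makedirs(os.path.join(home, ".postgresql"))
    open(os.path.join(home, ".postgresql", "postgresql.crt"), "w").close()
    print(home, client_root_cert_findings(home))
```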
