| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-23 13:03:01 |
| Message-ID: | 200712231303.lBND31223521@momjian.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > Bruce Momjian wrote:
> > > I think at a minimum we need to add documentation that states if you
> > > don't trust the local users on the postmaster server you should:
> > >
> > > o create unix domain socket files in a non-world-writable
> > > directory
> > > o require SSL server certificates for TCP connections
> >
> > I have written documentation for this item:
> >
> > http://momjian.us/tmp/pgsql/server-shutdown.html#SERVER-SPOOFING
> >
> > Comments?
>
> What you actually need on the client side is ~/.postgresql/root.crt, not
> ~/.postgresql/postgresql.crt as you wrote.
Thanks, updated:
http://momjian.us/tmp/pgsql/preventing-server-spoofing.html
(I mentioned the file name specificly so people like me wouldn't get
confused.) :-)
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2007-12-23 13:16:49 | Re: Spoofing as the postmaster |
| Previous Message | Magnus Hagander | 2007-12-23 12:19:59 | Re: Spoofing as the postmaster |